CVE-2025-55125

Published Jan 8, 2026

Last updated 2 months ago

CVSS high 7.8

Overview

Description
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
Source
support@hackerone.com
NVD status
Analyzed
Products
veeam_backup_\&_replication

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-77

Social media

Hype score
Not currently trending

  1. CVE-2025-55125 This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. https://t.co/WCq1pT8mYV

    @CVEnew

    9 Jan 2026

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Veeam Backup & Replication 13、複数の深刻な脆弱性を修正(CVE-2025-55125,CVE-2025-59469,CVE-2025-59470) https://t.co/ZXXGIil0Ia #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

    @securityLab_jp

    9 Jan 2026

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ Vulnerabilidades en productos Veeam ❗ CVE-2025-59470 ❗ CVE-2025-59469 ❗ CVE-2025-55125 ➡️ Más info: https://t.co/PHcUIlg0AM https://t.co/Ue2fejS1cH

    @CERTpy

    7 Jan 2026

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Multiple Veeam CVEs Identified: Critical Flaws Allow RCE and High-Privilege Actions CVE-2025-55125: A flaw that allows a Backup or Tape Operator to achieve remote code execution (RCE) as root by crafting a malicious backup configuration file. ▪️Severity: High ▪️CV

    @DarkWebInformer

    7 Jan 2026

    2457 Impressions

    1 Retweet

    11 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  5. Veeam discloses four critical bugs in Backup & Replication v13 enabling root level remote code execution. CVE-2025-55125 is patched in build 13.0.1.1071 dated Jan 6 2026. #Vulnerability https://t.co/Y79B6VpAZ9

    @threatcluster

    7 Jan 2026

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. اگر از Veeam Backup های ورژن 13 استفاده می کنید ، آخرین به روز رسانی منتشر شده توسط Beeam Backup را اعمال کنید ، به تازگی چندین آسیب پذیری مختلف از نوع RCE با کدهای شناسای

    @EthicalSafe

    7 Jan 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. This vulnerability allows a Backup or Tape Operator to write files as root.CVE-2025-59469
  2. This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.CVE-2025-59468
  3. This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.CVE-2025-59470
  4. A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.CVE-2025-48984
  5. A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.CVE-2025-48983

References

Sources include official advisories and independent security research.