H-ISAC TLP White Vulnerability Bulletin: Multiple Vulnerabilities Addressed in Veeam Backup & Replication Solution

On January 6, 2026, Veeam released security updates to address four vulnerabilities affecting its Backup & Replication solution, the most severe of which could allow unauthenticated privilege escalation, enabling the launch of remote code execution (RCE) attacks.

Tracked as CVE-2025-59470, CVE-2025-55125, CVE-2025-59469, and CVE-2025-59468, these flaws impact all version 13 builds prior to the latest release. Organizations are strongly urged to apply the available patches as soon as possible to prevent potential system compromise and data loss.

Health-ISAC provides this information to increase situational awareness and encourage organizations to assess their level of risk to these vulnerabilities. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides and Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
Support for Your Cybersecurity Program
Guides and Reports
Cybersecurity and Risk Advisory Services