CERT-FR has issued a notice about multiple vulnerabilities in Veeam Backup & Replication that could allow remote code execution, privilege escalation, and data integrity compromise. The vulnerabilities affect versions prior to 13.0.1.1071 and are detailed in Veeam’s security bulletin kb4792 dated 6 January 2026. Four CVE identifiers are referenced: CVE-2025-55125, CVE-2025-59468, CVE-2025-59469, and CVE-2025-59470. Users are advised to consult the vendor bulletin for patches to mitigate the risks. The notice is dated 6 January 2026 and remains the latest version. The risks include data integrity loss, remote code execution, and privilege escalation. The document also lists the responsible agency: the Ministry of the Interior and the National Agency for Information Systems Security. Affected systems are Veeam Backup & Replication versions before 13.0.1.1071. The official notice can be accessed via the French cyber security portal.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0006/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.