Backup and recovery
This hub aggregates every CVE we track for Backup and recovery, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
20
CVEs tracked
5
Critical
14
High
1
In CISA KEV
Severity distribution
HIGH14CRITICAL5MEDIUM1
Monthly trend
0
7
0
0
0
0
0
6
0
0
2
0
0
0
0
0
0
4
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Backup and recovery.
- CVE-2025-59470This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.9.0
- CVE-2025-59469This vulnerability allows a Backup or Tape Operator to write files as root.9.0
- CVE-2025-59468This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.9.0
- CVE-2025-55125This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.7.8
- CVE-2025-24286A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.7.2
- CVE-2025-23121A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user8.8
- CVE-2025-23120A vulnerability allowing remote code execution (RCE) for domain users.8.8
- CVE-2025-0285CVE-2025-02857.8
- CVE-2025-0286CVE-2025-02868.4
- CVE-2025-0287CVE-2025-02875.1
- CVE-2025-0288CVE-2025-02887.8
- CVE-2025-0289CVE-2025-02897.8
- CVE-2024-39718An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.8.1
- CVE-2024-40711A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).KEV9.8
- CVE-2024-40712A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).7.8
Product normalization is registry-driven with AI assist and human review. How it works