## https://sploitus.com/exploit?id=3D313557-B632-54C6-8268-8BB32BC4463F
# CVE-2025-59470
CVE-2025-59470 PoC exploit targeting Veeam Backup & Replication v13.0.1.180 and prior. Enables RCE as postgres user via malformed interval/order params in backup job configs. Requires Backup/Tape Operator creds for auth. Tested on Windows Server 2019/2022 with default Postgres backend. No dependencies beyond Python 3.8+ and requests lib.
**Usage**
`python CVE-2025-59470.py --target --port 9401 --user --pass --payload `
- Payload example: `whoami` or reverse shell via netcat.
**Features**
- Multi-target support: Scan subnet for vuln VBR instances.
- Error handling: Retries on auth fails or partial RCE.
**Disclaimer**
For red teaming/pentesting only. Author not liable for misuse.
Contact via X: @B1gh0rnn for discussion.
Exploit here: https://tinyurl.com/5fevrcf3.