Share
## https://sploitus.com/exploit?id=3D313557-B632-54C6-8268-8BB32BC4463F
# CVE-2025-59470

 
CVE-2025-59470 PoC exploit targeting Veeam Backup & Replication v13.0.1.180 and prior. Enables RCE as postgres user via malformed interval/order params in backup job configs. Requires Backup/Tape Operator creds for auth. Tested on Windows Server 2019/2022 with default Postgres backend. No dependencies beyond Python 3.8+ and requests lib.

**Usage**  
`python CVE-2025-59470.py --target  --port 9401 --user  --pass  --payload `  
   - Payload example: `whoami` or reverse shell via netcat.  

**Features**  
- Multi-target support: Scan subnet for vuln VBR instances.  
- Error handling: Retries on auth fails or partial RCE.

**Disclaimer**  
For red teaming/pentesting only. Author not liable for misuse.
Contact via X: @B1gh0rnn for discussion.

Exploit here: https://tinyurl.com/5fevrcf3.