{"id":"CVE-2025-59470","details":"This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.","modified":"2026-05-04T08:47:20.373708Z","published":"2026-01-08T17:15:48.290Z","withdrawn":"2026-05-04T08:47:20.373708Z","references":[{"type":"ADVISORY","url":"https://www.veeam.com/kb4792"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"13.0.0.4967"},{"fixed":"13.0.1.1071"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59470.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"}]}