Yaniv Valik

Exploitable Storage and Backup Vulnerabilities: A Growing Threat to Enterprise Security  

  • May 5, 2025
  • 4 min read

About Continuity™

StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.


On May 1st, enterprise backup vendor Commvault revealed that an unknown nation-state threat actor had breached its Microsoft Azure environment by exploiting CVE-2025-3928.

That wasn’t the only vulnerability making headlines. A few days earlier, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added a significant security flaw affecting Broadcom’s Brocade Storage Fabric OS to its authoritative catalog, underscoring the urgent need for remediation across enterprise and government environments. 

The vulnerability has the potential to allow local attackers with administrative privileges to execute arbitrary code with full root access. 

This escalation of privilege could enable a complete compromise of the underlying storage network infrastructure, posing significant risks to data integrity and operational continuity.

The Commvault and Brocade exploitations are far from isolated incidents. In recent months, multiple vulnerabilities in storage and backup solutions have been discovered and actively exploited. Examples include:

Veeam Backup & Replication:
CVE-2022-26500 and CVE-2022-26501: These vulnerabilities allow remote, unauthenticated attackers to execute arbitrary code. They were actively exploited by ransomware groups like Monti and Yanluowang shortly after discovery, emphasizing the importance of timely patching.

MinIO:
CVE-2023-28432: This vulnerability in MinIO’s Multi-Cloud Object Storage framework allows attackers to retrieve all environment variables, including sensitive information like MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD.
Attackers were caught exploiting the above MinIO vulnerability, as reported by CISA.

Veritas Backup Exec:
CVE-2021-27876: This vulnerability allows unauthorized file access through the Backup Exec Agent.
This vulnerability has been actively exploited, highlighting the risks associated with unpatched backup solutions.

Oracle ZFS Storage Appliance:
CVE-2020-14871: An easily exploitable, actively exploited vulnerability that allows an unauthenticated attacker to compromise the system, with high impact on confidentiality, integrity, and availability.

From ransomware to insider threats, if your primary storage is compromised, hundreds or thousands of workloads — databases, containers, VMs — can go down in a flash.

Worse still, if your backup systems are compromised, there’s no Plan B. No way to recover. You’re out of options.

On average, each enterprise storage or backup device has 10 vulnerabilities, including 5 critical or high-severity ones. Yet most organizations have limited visibility into these weaknesses.

1. Build a Secure Configuration Baseline

Define secure settings per product (e.g. Dell, Pure, Hitachi Vantara, NetApp, Rubrik, Cohesity) – and ensure they’re reviewed and refreshed regularly. A secure baseline includes both system-level and security controls that reflect vendor guidance and real-world attack patterns.

2. Perform a Gap Assessment

| # | Question |
|---|----------|
|   | Vulnerability and Patch Management |
| 1 | Ability to scan our Storage & Backup appliances? |
| 2 | Authenticated scan for vulnerabilities and missing patches? Runs Platform-Specific APIs / Commands? |
| 3 | Automatic detection and remediation validation? (Patch / mitigating configuration) |
| 4 | Solid inventory of all Storage & Backup arrays, appliances, nodes & software? |
|   | Security Baseline, Configuration Compliance and Drift Management |
| 5 | Defined target system & security settings for Storage & Backup Platforms? |
| 6 | Repeatable way to assess security misconfigurations? Continuous drift detection? |
|   | Knowledge |
| 7 | Expertise in securing Storage & Backup technologies? |
| 8 | Researched security best practices & hardening instructions for Storage & Backup Platforms? |

Gap assessments surface weak spots you didn’t know existed.
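A sketch of what steps 1 and 2 look like when automated, added here as an example and not taken from Continuity or StorageGuard: a per-product baseline with a review date, checked against settings collected from each device. The product keys, setting names, device names and the 365-day review window are all constructed assumptions.

```python
from datetime import date

# Constructed baseline: product keys, setting names and values are illustrative only.
BASELINE = {
    "backup-appliance": {
        "reviewed": date(2025, 3, 1),
        "rules": {
            "admin_mfa": ("eq", True),
            "immutable_snapshots": ("eq", True),
            "telnet_enabled": ("eq", False),
            "min_tls_version": ("min", 1.2),
        },
    },
    "storage-array": {
        "reviewed": date(2024, 2, 10),
        "rules": {"default_admin_password_changed": ("eq", True)},
    },
}

def assess(product, observed, today, max_age_days=365):
    """Return a list of (kind, detail) findings for one device."""
    entry = BASELINE.get(product)
    if entry is None:
        return [("no_baseline", product)]  # inventory item with no defined target settings
    findings = []
    if (today - entry["reviewed"]).days > max_age_days:
        findings.append(("stale_baseline", product))  # baseline not refreshed in time
    for name, (op, want) in entry["rules"].items():
        if name not in observed:
            findings.append(("not_collected", name))  # unknown is not compliant
            continue
        got = observed[name]
        ok = got == want if op == "eq" else got >= want
        if not ok:
            findings.append(("drift", name))
    return findings

# Constructed inventory: what an authenticated collection might return per device.
INVENTORY = [
    ("bkp-01", "backup-appliance", {"admin_mfa": True, "immutable_snapshots": False,
                                    "telnet_enabled": False, "min_tls_version": 1.0}),
    ("arr-07", "storage-array", {}),
    ("nas-02", "file-server", {"admin_mfa": True}),
]

def run(today=date(2025, 5, 5)):
    return {dev: assess(prod, obs, today) for dev, prod, obs in INVENTORY}

if __name__ == "__main__":
    for dev, findings in run().items():
        print(dev, findings or "compliant")
```

The three sample devices each surface a different gap from the table above: configuration drift, a stale baseline with settings that were never collected, and an inventoried device with no baseline at all.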

Storage and backup systems are your organization’s most critical — and ironically most overlooked — assets. They deserve the same security rigor as endpoints, networks, and apps.

A well-architected Security Posture Management plan for storage and backups includes:

  • Vulnerability management tailored to the environment
  • Secure configuration enforcement
  • Real-time anomaly detection (block and file-level)
  • Compliance mapping (PCI DSS, NIST, ISO, HIPAA, etc.)
  • Integration with tools like ServiceNow, Qualys/Rapid7/Tenable, CyberArk, CyberSense, Varonis, and others


It’s time to automate the secure configuration of your storage & backup systems.
