StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.
Enterprise storage and backup systems have become a high-priority target for cybercriminals. In the last two months alone, there has been a dramatic escalation in the discovery—and in some cases exploitation—of critical vulnerabilities across leading storage and data protection platforms. With past attention focused on vendors like Veeam and MinIO, the threat landscape has now broadened to include major enterprise players such as IBM, Veritas, HPE, Dell, Commvault, and Broadcom.
IBM: Privilege Escalation in BRMS
On June 16, IBM disclosed a severe flaw in its Backup, Recovery, and Media Services (BRMS). The vulnerability enables low-privileged users to execute arbitrary, user-controlled code with elevated system access—potentially compromising the host’s operating system and exposing enterprise infrastructure to systemic risk.
Veeam: New flaw lets domain users hack backup servers
Also on June 16, Veeam released security updates to fix several vulnerabilities, including a critical remote code execution flaw that impacts domain-joined installations.
Many organizations join their backup servers to the corporate Windows domain, inadvertently disregarding Veeam’s security best practices. Those guidelines advise backup administrators to run the backup infrastructure in a separate Active Directory forest and to protect the administrative accounts with two-factor authentication.
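The following PowerShell check is an added example, not Continuity's or Veeam's own code. It implements the two points above as a local audit on a Windows backup server: it reports whether the host is joined to the production forest, and whether any production-domain principals hold local Administrator rights on it. The forest name CORP.EXAMPLE is a placeholder; the two-factor requirement is a Veeam console setting and is not checked here.

```powershell
# Added example (not Continuity's or Veeam's code): audit a Windows backup server
# against the "separate forest" guidance. Assumption: the production forest is
# CORP.EXAMPLE (placeholder); replace it with your own forest name.
$ProductionForest = 'CORP.EXAMPLE'
$findings = @()

# Domain membership of this host
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    if ($cs.Domain -like "*$ProductionForest") {
        $findings += "Backup server is joined to the production forest ($($cs.Domain)); guidance calls for a separate forest."
    } else {
        Write-Host "Domain-joined to '$($cs.Domain)', which is not the production forest."
    }
} else {
    Write-Host "Server is in workgroup '$($cs.Workgroup)' (not domain-joined)."
}

# Local Administrators members whose principal comes from the production domain.
# The NetBIOS name is assumed to be the first label of the forest name.
$prodNetbios = $ProductionForest.Split('.')[0]
foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
    if ($m.Name -like "$prodNetbios\*") {
        $findings += "Production-domain principal '$($m.Name)' is a local Administrator on the backup server."
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'OK: no findings.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Run it in an elevated PowerShell session on the backup server; a non-zero exit code makes it easy to fold into a scheduled compliance job.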
HPE: Remote Code Execution in StoreOnce
On June 6, HPE announced several vulnerabilities in its StoreOnce software. These flaws allow remote attackers to bypass authentication, run malicious code, and extract sensitive enterprise data. The risk spans both data compromise and operational disruption.
Dell: Full Filesystem Access in PowerScale OneFS
Also on June 6, Dell reported two serious vulnerabilities in its PowerScale OneFS storage OS. The most severe allows unauthenticated attackers to gain full, unauthorized access to enterprise file systems—jeopardizing data integrity and confidentiality at scale.
CISA Flags CVE-2025-32433: Impacting Cisco and NetApp
On June 10, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert for a critical vulnerability in Erlang/OTP’s SSH implementation and added it to the Known Exploited Vulnerabilities catalog. The flaw requires no authentication and enables remote command execution. It also affects widely used storage platforms from vendors such as Cisco and NetApp, which rely on Erlang-based components.
Commvault: Confirmed Exploitation in the Wild
On April 28, two newly disclosed Commvault vulnerabilities, CVE-2025-34028 and CVE-2025-3928, were added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. These flaws allow remote code execution (RCE) and persistent webshell access, putting enterprise data protection and disaster recovery processes at serious risk.
Broadcom (Brocade) Fabric OS: Privilege Escalation to Root Access
Also appearing in CISA’s KEV Catalog on April 28, CVE-2025-1976 affects Brocade’s SAN switches and directors. This flaw enables an admin-level user to escalate privileges and gain full root access to the operating system, allowing arbitrary command execution and manipulation of the Fabric OS.
Last week, Continuity released its third annual analysis: “The 2025 Security Maturity of Storage & Data Protection Systems.” The study assessed 323 enterprise environments encompassing 11,435 storage and backup systems across top vendors such as Dell, NetApp, Rubrik, Cohesity, Veritas, Hitachi Vantara, Pure, IBM, and others.
Key Findings:
This data reinforces the growing reality that most enterprise environments remain significantly under-secured at the data protection layer, despite mounting threats.
Attackers are zeroing in on storage and backup systems as prime targets. Why? Because these systems are the last line of defense for data storage and business continuity—and compromising them disables recovery, facilitates ransomware extortion, and opens pathways to broader lateral movement.
One high-profile example: the largest data breach in history at UnitedHealth, where attackers successfully disabled the backup environment, preventing data recovery and causing months-long operational disruption.
Storage and backup systems are foundational to enterprise data resilience. By compromising them, attackers can:
Despite their criticality, these systems are often under-secured. Many security teams lack visibility, tooling, or expertise to adequately defend them.
The recent wave of actively exploited vulnerabilities is a stark reminder: storage and backup systems are not just infrastructure—they’re high-value assets under direct attack. It’s time they receive the same security scrutiny and operational rigor as front-line systems. Tools like StorageGuard are critical in bridging this gap and defending one of the most vulnerable layers of the modern enterprise.
It’s time to automate the secure configuration of your storage & backup systems.