The New Battleground: Why Storage and Backup Systems Are Now Top Targets for Cyber Threats
About Continuity™
StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.
Surge in Actively Exploited Vulnerabilities In Storage and Backup Systems
In the past two months, enterprise storage and backup systems have seen a significant increase in targeted cyberattacks, marked by an alarming rise in actively exploited vulnerabilities across leading storage and data protection platforms. In recent years, Veeam and Veritas exploited vulnerabilities in the news, now other enterprise vendors are impacted as well. This surge highlights the urgent need for security teams to reassess and strengthen their storage and backup infrastructure to defend against evolving threats.
Most recently, two critical vulnerabilities in Commvault software—CVE-2025-34028 and CVE-2025-3928—have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, signaling confirmed active exploitation in the wild. These vulnerabilities directly threaten the integrity and availability of enterprise data protection environments. CVE-2025-34028 with a CVSS score of 10.0, is a critical unauthenticated path traversal vulnerability affecting Commvault Command Center Innovation. It allows an unauthenticated attacker to upload ZIP files which, when unpacked by the target server, result in remote code execution (RCE). CVE-2025-3928 affects all supported versions of the Commvault , enabling an authenticated attacker to create and execute webshells remotely, opening pathways for persistent unauthorized access. Organizations using Commvault must act immediately to assess their exposure and remediate vulnerable systems before attackers can exploit these flaws to gain unauthorized access to critical backup infrastructure.
Brocade SAN Infrastructure is also under attack. A vulnerability in Brocade Fabric OS (CVE-2025-1976) has also been added to CISA’s KEV Catalog. This flaw affects Brocade SAN directors and switches running Fabric OS. CVE-2025-1976 allows an authenticated admin-level user to escalate privileges and execute arbitrary code with full root access, enabling them to execute any Fabric OS command, modify the operating system itself and Inject unauthorized subroutines. A compromise of Brocade SAN infrastructure can disrupt storage operations, enable unauthorized access to sensitive data, and facilitate lateral movement into other critical systems.
This wave of exploits continues a troubling trend affecting storage and backup platforms, with other vendors such as Veeam, Veritas, MinIO, and Nakivo also targeted in recent campaigns. Attackers are increasingly focusing on these specialized systems to exfiltrate data and cripple enterprise operations—a trend that shows no sign of slowing. Unfortunately, many information security teams lack the tools and expertise to effectively harden and secure these critical environments.
Recent cyberattacks have further exposed these gaps. In one notable breach affecting one of the largest healthcare organizations in the U.S., attackers succeeded in corrupting backup systems, leaving the organization unable to recover data and facing prolonged service disruptions that lasted for months.
Storage and Backup Systems Are High-Value Targets
Backup and storage infrastructure is increasingly targeted by attackers aiming to disrupt critical data protection capabilities. By compromising these systems, adversaries seek to disable recovery paths—often as part of ransomware attacks—steal or manipulate sensitive backup data, and leverage storage platforms as a foothold to move laterally into broader IT environments. This growing focus on storage and backup systems underscores their importance as a key layer of the enterprise attack surface that must be actively secured and monitored.
Commvault provides enterprise-grade solutions for backup, recovery, data protection, and disaster recovery across physical, virtual, and cloud environments. It ensures business continuity by enabling reliable recovery from data loss, cyberattacks, ransomware, and system failures. As a critical data protection platform, Commvault requires strong security controls, regular updates, and proactive vulnerability management to safeguard sensitive enterprise data.
Brocade SAN directors and switches are the backbone of enterprise storage area networks (SANs), managing high-speed, secure data traffic between servers and storage systems. A compromise of these devices could not only disrupt operations but also enable attackers to manipulate or exfiltrate sensitive data in transit.
The sharp rise in actively exploited vulnerabilities targeting storage and backup systems is a critical reminder that these assets must be prioritized in security strategies—not overlooked as back-end infrastructure.
Assessment & Remediation using StorageGuard
StorageGuard is the industry’s first dedicated security hardening and vulnerability management platform purpose-built for enterprise storage, backup, and SAN environments. It scans, detects, and prioritizes vulnerabilities, misconfigurations, and compliance gaps across multi-vendor storage and backup systems, enabling organizations to proactively secure their critical data infrastructure. By bridging the security visibility gap in storage and backup layers, StorageGuard empowers IT and security teams to identify and remediate risks before they impact data availability, integrity, or confidentiality—strengthening an often-overlooked but vital part of the enterprise attack surface.
StorageGuard enables organizations to swiftly assess and remediate vulnerabilities across their storage and backup infrastructure by providing continuous scanning, detection, and actionable insights. By updating the StorageGuard Vulnerability Knowledgebase with the latest intelligence, security teams can ensure their scans detect the most recent threats affecting platforms like Commvault and Brocade. StorageGuard’s targeted vulnerability scans help identify exposed systems, guiding teams to prioritize and apply critical software updates to remediate risks. Once patches are applied, StorageGuard facilitates verification by rescanning and confirming that vulnerabilities have been resolved.
Beyond vulnerability management, StorageGuard also performs secure configuration analysis, allowing organizations to assess their Commvault and Brocade environments against security best practices, review baseline configuration findings, and implement hardening measures to reduce the risk of future attacks.
References
- Known Exploited Vulnerabilities Catalog | CISA
- CVE Record: CVE-2025-34028
- CV_2025_04_1
- StorageGuard | Secure storage & backups for complete data protection
- CVE Record: CVE-2025-3928
- CV_2025_03_1
- Notice: Security Advisory | Blog
- Message from Commvault Bot
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
- GitHub – watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
- Commvault Releases Security Updates for Command Center – NHS England Digital
- CVE Record: CVE-2025-1976
- Known Exploited Vulnerabilities Catalog | CISA
- Broadcom support portal: BSA-2025-2930
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
- Exploitable Storage and Backup Vulnerabilities: A Growing Threat to Enterprise Security – Continuity™
Talk To An Expert
It’s time to automate the secure configuration of your storage & backup systems.