Breaking Point: Storage & Backup Systems

Surging Cyber Threats: Actively Exploited Vulnerabilities in Storage and Backup Systems

Enterprise storage and backup systems have become a high-priority target for cybercriminals. In the last two months alone, there has been a dramatic escalation in the discovery—and exploitation—of critical vulnerabilities across leading storage and data protection platforms. With past attention focused on vendors like Veeam and MinIO, the threat landscape has now broadened to include major enterprise players such as IBM, Veritas, HPE, Dell, Commvault, and Broadcom.

Critical Vulnerabilities Emerge Across Leading Vendors

IBM: Privilege Escalation in BRMS

On June 16, IBM disclosed a severe flaw in its Backup, Recovery, and Media Services (BRMS). The vulnerability enables low-privileged users to execute arbitrary, user-controlled code with elevated system access—potentially compromising the host’s operating system and exposing enterprise infrastructure to systemic risk.

HPE: Remote Code Execution in StoreOnce

On June 6, HPE announced several vulnerabilities in its StoreOnce software. These flaws allow remote attackers to bypass authentication, run malicious code, and extract sensitive enterprise data. The risk spans both data compromise and operational disruption.

Dell: Full Filesystem Access in PowerScale OneFS

Also on June 6, Dell reported two serious vulnerabilities in its PowerScale OneFS storage OS. The most severe allows unauthenticated attackers to gain full, unauthorized access to enterprise file systems—jeopardizing data integrity and confidentiality at scale.

CISA Flags CVE-2025-32433: Impacting Cisco and NetApp

On June 10, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert for CVE-2025-32433, a critical vulnerability in Erlang/OTP’s SSH implementation. This pre-authentication flaw enables remote command execution. The threat affects widely used storage platforms from vendors like Cisco and NetApp, which rely on Erlang-based components.

Commvault: Confirmed Exploitation in the Wild

On April 28, two newly disclosed Commvault vulnerabilities, CVE-2025-34028 and CVE-2025-3928, were added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. These flaws allow remote code execution (RCE) and persistent webshell access, putting enterprise data protection and disaster recovery processes at serious risk.

  • CVE-2025-34028 (CVSS 10.0): An unauthenticated ZIP file path traversal vulnerability enabling RCE.
  • CVE-2025-3928: Allows authenticated attackers to deploy persistent backdoors via webshells.
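The ZIP path traversal class behind CVE-2025-34028 is worth seeing concretely from the defensive side. The following is an added example, not code from the article or from Commvault: it extracts an archive only after resolving every member name against the destination directory and refusing any entry that would land outside it. The two archives it builds in memory are constructed samples; the function and class names are the example's own.

```python
"""Safe ZIP extraction: reject archive members that escape the destination directory."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would be written outside the destination."""


def is_safe_member(dest: Path, member_name: str) -> bool:
    """True only if dest/member_name still resolves to a path rooted at dest."""
    # Absolute paths and drive letters ignore dest entirely, so refuse them outright.
    if member_name.startswith(("/", "\\")) or os.path.splitdrive(member_name)[0]:
        return False
    dest_real = os.path.realpath(dest)
    # realpath collapses '..' segments (and symlinks) before the containment check.
    target = os.path.realpath(os.path.join(dest_real, member_name))
    return os.path.commonpath([dest_real, target]) == dest_real


def safe_extract(zip_bytes: bytes, dest: Path) -> list:
    """Validate all member names first, then write; fail closed on the first bad entry."""
    extracted = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Pass 1: check every name so a traversal entry late in the archive
        # cannot leave partially extracted files behind.
        for info in zf.infolist():
            if not is_safe_member(dest, info.filename):
                raise UnsafeArchiveEntry(info.filename)
        # Pass 2: write the now-validated members.
        for info in zf.infolist():
            target = dest / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(str(target.relative_to(dest)))
    return extracted


def build_archive(entries: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: bytes}. Constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one well-formed archive and one whose member name climbs out of dest.
BENIGN = build_archive({"report/summary.txt": b"ok"})
TRAVERSAL = build_archive({"../../etc/outside.txt": b"escaped"})


def run_demo() -> dict:
    """Extract both samples into a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp)
        written = safe_extract(BENIGN, dest)
        try:
            safe_extract(TRAVERSAL, dest)
            rejected = None
        except UnsafeArchiveEntry as exc:
            rejected = str(exc)
        return {"benign": written, "rejected": rejected}


if __name__ == "__main__":
    print(run_demo())
```

The two-pass structure matters: validating every name before writing anything means a hostile entry cannot be smuggled in after a run of legitimate ones, and the `realpath` plus `commonpath` check catches `..` sequences, symlinked destinations and absolute names alike rather than relying on string matching for `../`.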

Broadcom (Brocade) Fabric OS: Privilege Escalation to Root Access

Also appearing in CISA’s KEV Catalog on April 28, CVE-2025-1976 affects Brocade’s SAN switches and directors. This flaw enables an admin-level user to escalate privileges and gain full root access to the operating system, allowing arbitrary command execution and manipulation of the Fabric OS.

New Industry Report Reveals Widespread Risk

Last week, Continuity released its third annual analysis: “The 2025 Security Maturity of Storage & Data Protection Systems.” The study assessed 323 enterprise environments encompassing 11,435 storage and backup systems across top vendors such as Dell, NetApp, Rubrik, Cohesity, Veritas, Hitachi Vantara, Pure, IBM, and others.

Key Findings:

  • 6,085 distinct security issues uncovered—spanning over 390 failed security principles
  • On average, each storage and backup system contains 10 security risks, 5 of which are classified as high or critical
  • The most common risk areas include:
      ◦ Authentication & identity management
      ◦ Unaddressed CVEs
      ◦ Encryption misconfigurations
      ◦ Access control & authorization gaps
      ◦ Improper use of ransomware protection features

This data reinforces the growing reality that most enterprise environments remain significantly under-secured at the data protection layer, despite mounting threats.

Source: Continuity Software

The Trend: Targeting Storage and Backup as a Primary Attack Vector

Attackers are zeroing in on storage and backup systems as prime targets. Why? Because these systems are the last line of defense for business continuity—and compromising them disables recovery, facilitates ransomware extortion, and opens pathways to broader lateral movement.

One high-profile example: the largest data breach in history at UnitedHealth, where attackers successfully disabled the backup environment, preventing data recovery and causing months-long operational disruption.

Source: Continuity Software

Why Storage and Backup Systems Are High-Value Targets

Storage and backup systems are foundational to enterprise data resilience. By compromising them, attackers can:

  • Neutralize recovery capabilities (especially in ransomware attacks)
  • Exfiltrate sensitive backup data
  • Use these platforms as stealthy pivot points to compromise broader IT environments

Despite their criticality, these systems are often under-secured. Many security teams lack visibility, tooling, or expertise to adequately defend them.

Conclusion: The Back-End is Now Front-Line

The recent wave of actively exploited vulnerabilities is a stark reminder: storage and backup systems are not just infrastructure—they’re high-value assets under direct attack. It’s time they receive the same security scrutiny and operational rigor as front-line systems. Tools like StorageGuard are critical in bridging this gap and defending one of the most vulnerable layers of the modern enterprise.

About the Author

Yaniv Valik is the VP Product Management at Continuity. He runs Product Management at Continuity – a leading Cyber Resiliency provider, helping enterprises secure their storage, backup, and data protection systems. Among Continuity’s customers are the world’s largest financial services firms and Fortune 500 enterprises.

Yaniv is one of the co-authors of NIST Special Publication 800-209 – ‘Security Guidelines for Storage Infrastructure’, as well as the recent ISO 27040 – ‘Storage Security’ standard.

Yaniv can be reached online at [email protected] and at https://www.continuitysoftware.com/.
