Myota Blog

Critical Veeam Flaws Allow Immutable Backup Compromise

Written by Kevin Hutchison | Jun 18, 2025 8:05:09 PM

Veeam recently has disclosed critical security flaws (CVSS up to 9.9) that allow malicious actors - including insiders or compromised accounts - to take full control of backup infrastructure.

Specifically, attackers can:

  • Remotely execute code using any valid domain account (CVE‑2025‑23121)
  • Run malicious scripts by manipulating backup jobs (CVE‑2025‑24286)
  • Escalate privileges through Veeam agents (CVE‑2025‑24287)
If exploited, these vulnerabilities could lead to:
  • Loss of visibility and control over backups
  • Unauthorized access, data theft, or permanent deletion
  • Inability to restore from ransomware or insider sabotage
  • Serious compliance violations across regulated industries

Veeam has released patches in response, but as any security leader knows, staying secure and resilient demands rapid response and ongoing hardening. These vulnerabilities highlight a deeper issue: traditional backup systems are inherently exposed. They depend on trusting infrastructure that is itself vulnerable - whether through access management, misconfiguration or delayed patching. Where traditional systems like Veeam are constantly defending a vulnerable perimeter, Myota removes the attack surface altogether. The result is a storage and recovery system that’s far more secure and significantly more cost-effective.

  • No privileged access: Myota eliminates single points of compromise. Attackers can't reconstruct data, even if one system is breached.
  • Immutable, mathematically shredded storage: Data is fragmented and distributed in a way that makes it useless to intruders.
  • Isolated recovery environment: Unlike Veeam, Myota doesn't require trust in backup server or agents.
  • Lower storage costs: Myota removes the need for full backup duplication across locations, significantly reducing storage costs.
  • Lower operational risk & overhead: No patching race to secure backup servers. Myota is resilient by architecture, not just configuration.

Want to learn more about how Myota can remove your attack surface entirely while cutting infrastructure costs and simplifying recovery? Book a meeting with our team.

If you'd like to see for yourself how much Myota can save you on storage costs - you can also try our new cost savings tool HERE.

-Kevin Hutchison, Chief Commercial Officer @ Myota
View full post