Rapid Remediation: How Ekco Tackled the Latest Veeam Vulnerability
By Neal Smyth, Head of Backup and DR
In September last year, a major vulnerability in Veeam Backup & Replication required an extensive and complex remediation effort, with over 250 hours invested in patching, communications, and risk assessments. At the time, our response highlighted the challenges of securing large-scale backup environments, especially across multi-tenant infrastructures. Previous Blog Post.
Fast forward to last week, and another Veeam vulnerability was flagged CVE-2025-23120 by security researchers at watchTowr – article here. This time, the situation was different, our processes were more refined, our response more agile, and remediation was completed much faster. While it still required significant focus, the structured approach we implemented following last year’s incident enabled us to act with greater efficiency, minimising impact across our managed environments.
Ekco’s Rapid Response: Lessons Learned and Applied
As soon as the latest Veeam vulnerability was identified, Ekco once again mobilised a cross-functional team of Backup & DR Specialists, Security Engineers, and Platform Experts. This time, however, we were able to execute an even faster response due to improved detection capabilities, automation, and a more refined patching process.
Key actions taken:
- Immediate prioritisation of high-risk assets – Internet-exposed and critical production environments were patched within hours.
- More efficient patching execution – Unlike last September’s incident, where remediation efforts spanned above a week and required over 250 hours, this time our structured approach allowed us to complete patching in a matter of days with a significantly lower time investment.
- Enhanced customer communication – We proactively engaged with managed clients, keeping them informed at every step, while also reaching out to non-managed customers with clear guidance on securing their Veeam environments.
- Lessons learned from September applied – Our multi-tenant infrastructure patching process has been further refined, reducing complexities and ensuring faster application of security updates.
While our response was much faster than in September 2024, this vulnerability still required concentrated effort, reinforcing the need for continuous improvement in patch management and risk mitigation strategies.
Challenges and Key Takeaways
Despite our rapid response, there is always room for further improvement:
- Balancing Speed and Stability – Rapid patching is critical, but ensuring stability post-update remains a key focus. While we improved testing and validation since last September, some isolated cases still required post-patch adjustments.
- Evolving Multi-Tenant Security – Managing patches across complex, multi-tenant environments remains a challenge, but we have made notable progress in minimising impact while ensuring security.
- Continuous Process Refinement – Every incident, whether major like last September or swiftly handled like this latest case, reinforces the need for ongoing process improvement. Our goal is to further automate and streamline our response framework to ensure even greater efficiency in the future.
Detection and Ongoing Protection with watchTowr
Ekco has fully patched its managed environments, but if you’re unsure whether your Veeam systems are secure, now is the time to act.
Through our partnership with watchTowr, Ekco offers real-time attack surface management (ASM) and vulnerability detection capabilities as part of our security monitoring services. The latest Veeam flaw is included within watchTowr’s detection framework, enabling businesses to assess exposure and act swiftly.
Our services include:
- Vulnerability detection & assessment – Identify whether your backup infrastructure is at risk.
- Custom risk analysis – Tailored insights into your security posture and recommended actions.
- 24/7 real-time monitoring – Proactive alerting for emerging threats and vulnerabilities.
- Expert remediation support – Direct access to Ekco engineers for immediate mitigation guidance.
With cyber threats evolving constantly, having the right detection and response strategy is critical. If you require assistance securing your Veeam Backup & Replication environment or need a comprehensive security assessment, our team is ready to help.
Stay Secure – Take Action Now
Ekco remains committed to delivering robust, secure, and resilient backup services to our customers. If you have concerns about your Veeam deployment or need expert advice on the latest vulnerability, reach out today.
Right now, we are also offering a FREE, no obligation, proof of value assessment on your organisation’s external digital environment. You have nothing to lose and a fantastic opportunity to confirm that your organisation in great shape from a security posture perspective. Do reach out if you want to take advantage of what is a pretty special offer!
Secure your systems and stay ahead of emerging threats – contact Ekco for a consultation on your backup security strategy

Question?
Our specialists have the answer