Product Security
Learn about the end-to-end data protection built into our firmware, hardware, and processes.
Security is woven into the fabric of everything we build—empowering our customers with trustworthy data storage solutions that protect what matters most. Seagate products are engineered to stand strong against cyber threats—built with secure features, hardened manufacturing, and secure-by-design principles. Our robust public key infrastructure and certified cryptographic services safeguard data at every stage. With ongoing resilience testing and ISO 20243 product security certification, we ensure a trusted lifecycle from production to deployment.
At Seagate, we’re deeply committed to protecting the security of our products and services—and the privacy of our customers, employees, suppliers, and partners. We welcome the responsible disclosure of potential vulnerabilities across our technologies and platforms.
In today’s data-driven world, information is one of your most valuable business assets—and it demands protection. That’s why security experts advocate for a comprehensive approach that combines both hardware- and software-based encryption. As storage performance and accessibility accelerate, encrypting every bit of your business data isn’t just best practice—it’s essential.
Last Update Date | Title | CVE | Products And Versions Affected | Remediation and/or Mitigation | Patch Release Date |
---|---|---|---|---|---|
9/24/2025 | Seagate Toolkit Installer Vulnerability on Windows | CVE-2025-9267 | Seagate Toolkit for Windows versions 2.35.0.5 and lower | As of Toolkit version 2.35.0.6 for Windows, the path used by the installer to load DLLs has secure validation to prevent execution of untrusted DLLs. If Toolkit is installed on a computer with internet access, it will automatically be updated to the latest version of Toolkit after Sept 24, 2025. Toolkit with a fix is also available for download. Seagate would like to thank Natthawut Saexu (Tiger) for reporting this issue. | 9/24/2025 |
8/13/2025 | Seagate Toolkit for Windows With Unquoted Element Vulnerability | CVE-2025-9043 | Seagate Toolkit for Windows version 2.34.0.32 and lower | As of Toolkit version 2.34.0.33 for Windows, the executable path for the Toolkit service is quoted to prevent the exploit described in CWE-428. If Toolkit is installed on a computer with internet access, it will automatically be updated to the latest version of Toolkit after August 13th, 2025. Toolkit with a fix is also available for download. Seagate would like to thank Kazuma Matsumoto, GMO Cybersecurity by IERAE, Inc. for reporting this issue. | 8/13/2025 |
9/20/2024 | RAID Enabled SeaDragon and SeaChest zlib Vulnerabilities | CVE-2022-37434, CVE-2018-25032 | RAID enabled SeaChest and SeaDragon. Some versions of RAID enabled SeaDragon and SeaChest use a third-party RAID library that contains zlib vulnerabilities. The build dates for the affected versions of SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R are as follows: April 8 - 15, 2022; July 26 - Aug 4, 2022; March 2 - 9, 2023; March 28 - April 4, 2023. Running the tool with the following command will display the build date and "RAID Enabled" in the banner: --version | RAID enabled SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R with a build date of December 4, 2023, and later have remediated the vulnerabilities for the following: Microchip, PMC and HPE SmartRAID or SmartHBA Controllers. Latest version of SeaChest. For the latest version of SeaDragon, contact your Seagate Customer Support Engineer. At this time, Windows versions of SeaDragon and SeaChest released December 4, 2023, or later do not support Adaptec Controllers Series 8. There is currently no workaround for these controllers on Windows. | 12/4/2023 |
7/23/2024 | Exos X Hybrid Storage Arrays with OpenSSH Vulnerabilities | CVE-2023-48795 | Exos X 3005 Hybrid Storage Arrays, Exos X 4005 Hybrid Storage Arrays, Exos X 5005 Hybrid Storage Arrays | The vulnerability is exploited with specific ciphers: there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). Mitigation by removing the ciphers can be done on either the server side or the client side to be effective. For the client side, an end user can remove the two ciphers from the default offered ciphers. For the server side, Exos X firmware G280R014-01 will not be remediated. | Products are EOL. Fix and intercept with future planned release. This column will be updated if a fix becomes available. |
8/29/2023 | Backup Plus Desktop Denial of Service | CVE-2022-38392 | Seagate Backup Plus Desktop 4TB (STDT4000100) | Seagate products are designed to operate within defined acoustic, shock, and vibration tolerances. Exceeding defined tolerances, as stated in the product specifications, may cause product failures and void the product warranty. Users should ensure the products operate in an environment that meets Seagate's operating environment specifications. | 8/29/2023 |
6/25/2021 | LaCie Products Chain of Vulnerabilities Using Pre-Auth Remote Code Execution | Pre-Auth Remote Code Execution (RCE) Vulnerability | LaCie Cloudbox | 2.6.11.1 (Cloudbox) | 6/17/2021 |
6/25/2021 | LaCie Products Chain of Vulnerabilities Using Pre-Auth Remote Code Execution | Pre-Auth Remote Code Execution (RCE) Vulnerability | NetworkSpace 2 Products: | 2.2.12.3 | 6/17/2021 |
6/15/2016 | LaCie and NAS with Samba Vulnerabilities | CVE-2016-2118 (a.k.a. Badlock) | LaCie 5Big NAS Pro, LaCie 2Big NAS, LaCie Cloudbox | 4.2.11.1, 4.2.11.1, 2.6.11.0 | 6/15/2016 |
6/15/2016 | LaCie and NAS with Samba Vulnerabilities | CVE-2016-2118 (a.k.a. Badlock) | Seagate NAS, Seagate NAS Pro, Seagate Business Storage Rackmount 4-Bay NAS, Seagate Business Storage Rackmount 8-Bay NAS | Download Finder | 6/15/2016 |
5/1/2015 | NAS Product with PHP Vulnerabilities | CVE-2006-7243, CodeIgniter 2.1.0, PHP 5.2.3 and other exploits | Seagate Business Storage NAS | Business Storage NAS - Increasing Security | 5/1/2015 |
9/1/2015 | Seagate Wireless, Wireless Plus and LaCie Fuel Vulnerabilities Around Executing Arbitrary Code, Reading Arbitrary Files or Obtaining Admin Access | CVE-2015-2876, CVE-2015-2875, CVE-2015-2874 | Seagate Wireless, Wireless Plus and LaCie Fuel | Download Finder | 9/1/2015 |
Dive into Seagate security-focused articles, where we share the latest trends, best practices, and expert insights to help safeguard your data. Stay updated on the evolving landscape of product security, vulnerabilities, and solutions designed to keep your information protected.
Seagate stays up to date on the latest industry security standards. These are the certifications Seagate has attained for its products.
Seagate demonstrates a steadfast commitment to data sanitization, cryptographic protection and supply chain integrity through compliance with the following standards.
Seagate follows rigorous data sanitization practices to protect customer data on used drives and systems. Our certified software erasure tools and processes meet the PURGE level of the IEEE 2883 Standard for Sanitizing Storage.
We collaborate with organizations across the industry to share knowledge while also giving back to the community.
OCP is a collaborative community focused on redesigning hardware technology to efficiently support the growing demands on compute infrastructure.
The Open Group is a global consortium that seeks to enable the achievement of business objectives by developing open, vendor-neutral technology standards and certifications.
TCG is a non-profit that develops, defines, and promotes open, vendor-neutral, global industry standards supportive of a hardware-based root of trust, for interoperable trusted computing platforms.
The Linux Foundation is a non-profit dedicated to supporting Linux development and open-source software projects.
CVE Program provides a standardized system for identifying, documenting, and sharing publicly known cybersecurity vulnerabilities to help organizations assess and mitigate risk. CVE Numbering Authority assigns CVE IDs to newly discovered vulnerabilities.
The Forum of Incident Responders & Security Teams (FIRST) enables incident response teams to more effectively respond to security incidents, both reactively and proactively.
SNIA is a non-profit organization that creates global standards and specifications to advance technologies in data storage, transfer, infrastructure, acceleration, formats, and protection.
CDI is a partnership of global leaders in digital storage, data centers, sustainability, and blockchain collaborating to reduce e-waste by enabling, driving, and promoting the secure reuse of storage hardware.