CVE ID
CVE-2025-3928
Vulnerability Name
Commvault Web Server Unspecified Vulnerability
- Project: Commvault
- Product: Web Server
Date
- Date Added: 2025-04-28
- Due Date: 2025-05-19
Description
Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html; https://www.commvault.com/blogs/notice-security-advisory-update; https://nvd.nist.gov/vuln/detail/CVE-2025-3928
Related Security News
- Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
- CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
- Commvault says recent breach didn't impact customer backup data
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
Top comments (0)