CVE-2025-3928 - Commvault Web Server Unspecified Vulnerability
Project: Commvault
Product: Web Server
Date Added: 2025-04-28
Due Date: 2025-05-19
Vulnerability Name
Commvault Web Server Unspecified Vulnerability
Description
Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
https://www.commvault.com/blogs/notice-security-advisory-update
https://nvd.nist.gov/vuln/detail/CVE-2025-3928
Related News Articles
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage - August 22, 2025
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs - May 23, 2025
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed - May 6, 2025
Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach - May 1, 2025
Commvault says recent breach didn't impact customer backup data - May 1, 2025