commvault News Articles
Recent news articles refferecing the vendors vulnerabilities.
The Hacker NewsCVE-2025-3928CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
Commvault app secrets exposed via CVE-2025-3928 in Azure; CISA warns of broader SaaS campaign
1 month ago
Commvault: Vulnerability Patch Works as Intended
The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says.
CISA (.gov)CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation
Researcher Says Fixed Commvault Bug Still Exploitable
CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.
The Hacker NewsCVE-2025-34028Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
CISA adds CVE-2025-34028 to KEV list after real-world exploits, forcing federal patching by May 23.
Critical Commvault Vulnerability in Attacker Crosshairs
CISA has flagged a critical-severity Commvault vulnerability as exploited one week after technical details were released.
The Hacker NewsCVE-2025-3928Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
Commvault confirms Azure breach via CVE-2025-3928 zero-day + no data loss + CISA mandates patch by May 19.
Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment
After CVE-2025-3928 was exploited as a zero-day, Commvault shares attack details, IoCs, and best practices to lock down systems.
Commvault says recent breach didn't impact customer backup data
Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data.
CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks.
Help Net SecurityCVE-2025-3928CISA warns about actively exploited Broadcom, Commvault vulnerabilities - Help Net Security
CISA has added three new flaws to its Known Exploited Vulnerabilities catalog, affecting Commvault, Active! Mail, and Broadcom solutions.
CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild
CISA has issued a new security warning about a critical vulnerability affecting the Commvault Web Server, built into one of the industry’s leading data protection platforms.
CybersecurityNewsCVE-2025-3928CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild
CISA has issued a new security warning about a critical vulnerability affecting the Commvault Web Server, built into one of the industry’s leading data protection platforms.
GBHackers NewsCVE-2025-3928CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning a newly disclosed security flaw in the Commvault Web Server.
HackreadCVE-2025-34028Critical Commvault Flaw Allows Full System Takeover - Update NOW
Enterprises using Commvault Innovation Release are urged to patch against CVE-2025-34028. This flaw allows attackers to run code remotely.
The Cyber ExpressCVE-2025-34028CSA Warns Of Commvault Vulnerability (CVE-2025-34028)
The Cyber Security Agency of Singapore (CSA) has warned users of critical Commvault vulnerability (CVE-2025-34028), urging immediate action.
Cyber Security Agency of SingaporeCVE-2025-34028Critical Vulnerability in Commvault Command Center
Commvault has released security updates addressing a critical vulnerability affecting their Command Center installation.
Max-Severity Commvault Bug Alarms Researchers
Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.
Infosecurity MagazineCVE-2025-34028Highest-Risk Security Flaw Found in Commvault Backup Solutions
A critical path traversal vulnerability in Commvault’s backup and replication solutions has been reported
GBHackers NewsCVE-2025-34028Commvault RCE Vulnerability Exploited—PoC Released
The disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in Commvault’s on-premise backup and recovery software.
Help Net SecurityCVE-2025-34028Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) - Help Net Security
A critical Commvault Command Center vulnerability (CVE-2025-34028) that could allow unauthenticated remote code execution has been fixed.
The Hacker NewsCVE-2025-34028Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
Commvault flaw CVE-2025-34028 enables pre-auth SSRF leading to code execution; fix in 11.38.20+ versions.