Web Server Vulnerability in Commvault Affects Remote User Security
CVE-2025-3928
Key Information:
- Vendor: Commvault
- Product: Web Server
- CVE Published: 25 April 2025
What is CVE-2025-3928?
CVE-2025-3928 is a vulnerability found in the Commvault Web Server, which is a component of Commvault's data protection and management software. This software is commonly used by organizations to manage backups, recover data, and ensure secure data storage operations. The vulnerability allows a remote, authenticated attacker to potentially compromise the web server via webshells, posing a significant risk to the security and integrity of an organization’s data and systems. If exploited, this could lead to unauthorized access and control, undermining the trust placed in the software for safeguarding sensitive information.
Technical Details
The underlying flaw is unspecified in the advisory; what is known is that it lets a remote, already-authenticated attacker create and execute webshells on the Commvault Web Server. This is particularly alarming because an attacker who has only valid credentials can use it to gain elevated access, manipulate web server functionality, or reach sensitive data stored within the environment. Affected versions are those earlier than the fixed releases 11.20.217, 11.28.141, 11.32.89 and 11.36.46, on both Windows and Linux. Organizations are strongly advised to apply these updates to mitigate the risk.
Potential impact of CVE-2025-3928
- Unauthorized Access: The ability for attackers to execute webshells could allow them to gain unauthorized control over the web server, potentially exposing critical data to unauthorized individuals.
- Data Compromise: Exploitation of the vulnerability can lead to significant data breaches, as attackers may access and exfiltrate sensitive information stored within the backup and data management systems.
- Operational Disruption: A successful attack could disrupt normal operations of the Commvault system, impacting backup and recovery processes and potentially leading to extended downtimes for organizations relying on these services for data protection.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited; it is not known to CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Web Server 11.36.0 < 11.36.46
Web Server 11.32.0 < 11.32.89
Web Server 11.28.0 < 11.28.141
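As an added example (not part of this page and not Commvault's own tooling), the following Python check compares an installed Web Server version against the first fixed build on each branch listed above, plus the 11.20.217 build named in Technical Details, and triages a small inventory. Hostnames and version strings are constructed sample data.

```python
"""Added example: triage installed Commvault Web Server versions against the
fixed builds listed on this page. Not Commvault's own tooling; hostnames and
version strings below are constructed sample data."""
from typing import Dict, List, Optional, Tuple

# First fixed build per 11.x feature release. Values come from this page's
# Affected Version(s) table and Technical Details section (11.20.217 is named
# only in the prose). Any lower build on the same branch is affected.
FIXED_BUILDS: Dict[Tuple[int, int], int] = {
    (11, 20): 217,
    (11, 28): 141,
    (11, 32): 89,
    (11, 36): 46,
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.BUILD' into integers so that 11.36.9 < 11.36.46.

    Comparing the strings directly would get this wrong ('9' > '4').
    """
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(part.isdigit() for part in parts):
        raise ValueError(f"expected MAJOR.MINOR.BUILD, got {version!r}")
    major, minor, build = (int(part) for part in parts)
    return major, minor, build


def is_affected(version: str) -> Optional[bool]:
    """True if the build predates the fix on its branch, False if fixed,
    None if the branch is not one this page lists."""
    major, minor, build = parse_version(version)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    return build < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by patch status for a {hostname: version} inventory."""
    result: Dict[str, List[str]] = {"affected": [], "fixed": [], "unlisted": []}
    for host, version in sorted(inventory.items()):
        status = is_affected(version)
        key = "unlisted" if status is None else ("affected" if status else "fixed")
        result[key].append(host)
    return result


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "cv-web-01": "11.36.45",
    "cv-web-02": "11.36.46",
    "cv-web-03": "11.32.9",
    "cv-web-04": "11.28.141",
    "cv-web-05": "11.40.12",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts on a branch this page does not list are reported as "unlisted" rather than "fixed", so they are not silently treated as safe. If a deployment reports its version in a different form, adapt `parse_version`; the numeric per-field comparison is the part that matters, since a plain string comparison would rank build 9 above build 46.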
News Articles
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach: Commvault confirms Azure breach via CVE-2025-3928 zero-day; no data loss; CISA mandates patch by May 19. (2 days ago)
- Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment: After CVE-2025-3928 was exploited as a zero-day, Commvault shares attack details, IoCs, and best practices to lock down systems. (2 days ago)
- Commvault says recent breach didn't impact customer backup data: Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data. (2 days ago)
EPSS Score
35% chance of being exploited in the next 30 days.
Timeline
- 📈 Vulnerability started trending
- 📰 First article discovered by GBHackers News
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published