← Volver a CVEs
CVE-2025-3928
HIGHCISA KEV8.8
Descripcion
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/25/2025
Ultima modificacion10/31/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorCommvault
ProductoWeb Server
Nombre vulnerabilidadCommvault Web Server Unspecified Vulnerability
Fecha inclusion KEV2025-04-28
Fecha limite remediacion2025-05-19
Uso en ransomwareUnknown
Productos afectados
commvault:commvaultlinux:linux_kernelmicrosoft:windows
Referencias
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/customer-security-update(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/notice-security-advisory-update(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/security-advisory-march-7-2025(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3928(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.