← Retour aux CVEs
CVE-2025-3928
HIGHCISA KEV8.8
Description
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie4/25/2025
Derniere modification10/31/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurCommvault
ProduitWeb Server
Nom vulnerabiliteCommvault Web Server Unspecified Vulnerability
Date ajout KEV2025-04-28
Date limite remediation2025-05-19
Utilise dans ransomwareUnknown
Produits affectes
commvault:commvaultlinux:linux_kernelmicrosoft:windows
References
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/customer-security-update(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/notice-security-advisory-update(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/security-advisory-march-7-2025(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3928(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.