← Voltar para CVEs
CVE-2025-3928
HIGHCISA KEV8.8
Descricao
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado4/25/2025
Ultima modificacao10/31/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorCommvault
ProdutoWeb Server
Nome da vulnerabilidadeCommvault Web Server Unspecified Vulnerability
Data inclusao KEV2025-04-28
Prazo de remediacao2025-05-19
Uso em ransomwareUnknown
Produtos afetados
commvault:commvaultlinux:linux_kernelmicrosoft:windows
Referencias
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/customer-security-update(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/notice-security-advisory-update(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.commvault.com/blogs/security-advisory-march-7-2025(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3928(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.