CVE-2025-3928

Published Apr 25, 2025

Last updated 17 days ago

Exploit knownCVSS high 8.7
Commvault Web Server

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-3928 is an unspecified vulnerability in the Commvault Web Server. It allows a remote, authenticated attacker to create and execute webshells on the affected server. The vulnerability can be exploited by any authenticated remote user, without requiring administrative privileges. CISA has added CVE-2025-3928 to its Known Exploited Vulnerabilities (KEV) catalog and recommends applying available vendor mitigations. Patches are available for Windows and Linux platforms in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217.

Description
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Commvault Web Server Unspecified Vulnerability
Exploit added on
Apr 28, 2025
Exploit action due
May 19, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2025-3928

    @transilienceai

    12 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-3928

    @transilienceai

    12 Jun 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Comment: CVE-2025-3928 sounds like a real party crasher! I wonder if those “indicators of compromise” included a strongly worded RSVP for future attacks. Seriously though, proactively bl... #Cybersecurity https://t.co/uhHMNxRwhW

    @storagetechnews

    5 Jun 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-3928

    @transilienceai

    3 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 🚨 CommvaultのSaaS型バックアップ製品「Metallic」にゼロデイ脆弱性(CVE-2025-3928)が発見され、国家支援の攻撃者によるMicrosoft 365環境への不正アクセスが確認されました。CISAは、SaaS利用企業に対し設定の見直し

    @SecTrendjp99886

    2 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Commvault breach (CVE-2025-3928) hits Metallic SaaS—zero-day exploited via Microsoft 365 defaults. CISA urges: audit permissions, cut unused integrations, monitor access. Rethink your SaaS security! #CyberSecurity #ZeroDay #SaaS #Commvault #CISA https://t.co/hTKnDMRkQb

    @FarheenAnw14407

    29 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Beveiligingslek in commvault webserver legt risico's bloot https://t.co/nDe10COkzB #Commvault CVE-2025-3928 #Commvault beveiligingslek #CVE kwetsbaarheid #beveiligingsadviezen Commvault #CISA KEV catalogus #Trending #Tech #Nieuws

    @TrendingNewsBot

    26 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CISA、「アプリのシークレット」と「クラウドの設定ミス」を悪用した、より広範なSaaS攻撃の疑いを警告(CVE-2025-3928) https://t.co/Tg2C5rJM4N #Security #セキュリティ #ニュース

    @SecureShield_

    24 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Cyber defenders warn that hackers target Commvault’s cloud apps on Azure, exploiting CVE-2025-3928. While client secrets were compromised, customer data remains secure. Stay alert! 🔐 #AzureThreats #USA #DataSafety https://t.co/ShE8bhmz3T

    @TweetThreatNews

    23 May 2025

    61 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Nation-state actors are exploiting CVE-2025-3928 to target Commvault apps in Azure, potentially accessing Microsoft 365 backups. Implement credential rotation and log monitoring to defend. 🔐 #AzureThreats #SaaSAlert #Australia https://t.co/T20vJdFpJP

    @TweetThreatNews

    23 May 2025

    95 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. La CISA alerte sur l'exploitation en cours d'une vulnérabilité Commvault (CVE-2025-3928) dans une campagne plus large contre les SaaS. Des attaquants distants peuvent exécuter des webshells, compromettant entièrement les instances vulnérables. https://t.co/XXBDwNyiCt

    @cert_ist

    23 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-3928は、リモート攻撃者がWebシェルを作成・実行し、脆弱なインスタンスを完全に侵害できる深刻な脆弱性である。Commvaultは2月下旬に修正し、Microsoftから国家支援型の脅威アクターによるゼロデイ攻撃

    @yousukezan

    23 May 2025

    3931 Impressions

    1 Retweet

    14 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  13. A zero-day in Commvault’s SaaS (CVE-2025-3928) has been exploited by threat actors to access Azure & M365 backups, possibly by state-sponsored groups. Organizations should monitor closely. 🚨 #CloudSecurity #Azure #Australia https://t.co/dLx7oIV5e7

    @TweetThreatNews

    23 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA warns of broader SaaS threats as Commvault’s Azure apps face cyber attacks exploiting zero-day CVE-2025-3928, risking client secrets in Microsoft 365. Increased security measures are underway. 🔐🇺🇸 #CloudRisk #DataSecurity #US https://t.co/XeiXuSZJ3W

    @TweetThreatNews

    23 May 2025

    83 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 New CISA Alert: Hackers exploited CVE-2025-3928 in Commvault’s Metallic SaaS, compromising M365 credentials. This isn’t an isolated case—it’s part of a broader campaign targeting SaaS apps with default configs and excessive permissions. 🔍 Details: https://t.co/K

    @TheHackersNews

    23 May 2025

    67633 Impressions

    37 Retweets

    116 Likes

    32 Bookmarks

    0 Replies

    3 Quotes

  16. Commvault just confirmed a nation-state actor hit them with a zero-day (CVE-2025-3928) in Azure. No customer backups were accessed, but it’s serious enough for CISA to demand patches by May 19. You know the drill: update, log review, maybe a coffee. ☕️ https://t.co/ZZh47x8k

    @p1xlrs

    5 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Commvault Sécurité, La faille exploitée CVE-2025-3928 pourrait compromettre le serveur Web. ⚠️ Alerte CISA : Exploitation active de la vulnérabilité CVE-2025-3928 dans Commvault Web Server. https://t.co/by0XT4bcaf

    @NicolasCoolman

    5 May 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2025-3928

    @transilienceai

    5 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Critical: CVE-2025-3928 A zero-day in Commvault Command Center is actively exploited for unauthenticated remote code execution. CISA requires patching by May 19. Backup systems at ransomware risk. #Commvault #ZeroDay #InfoSec https://t.co/DwmApvFBkt

    @CloneSystemsInc

    5 May 2025

    103 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Commvault Azure Breach via Zero-Day Exploit (CVE-2025-3928): Why Proactive VAPT Is Your Best Defence https://t.co/SmQZGtq8Vn many enterprises have been helped to prevent breaches,past audits, and secure critical data visit https://t.co/OvG0atCwii

    @62Lulamamavuso1

    5 May 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/ypKfkGQD1I

    @StratoKey

    4 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Actively exploited CVE : CVE-2025-3928

    @transilienceai

    4 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. اختراق Azure: كومفولت تؤكد استغلال قراصنة لثغرة CVE-2025-3928 كـ “Zero-Day” https://t.co/sC7NjGekRD

    @ccforrs

    3 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Actively exploited CVE : CVE-2025-3928

    @transilienceai

    1 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. 🚨 Commvault Confirms Nation-State Attack via Zero-Day Exploit in Azure Environment Commvault has confirmed that a nation-state threat actor exploited a zero-day vulnerability (CVE-2025-3928) to gain access to its Azure cloud environment in February 2025. 📍 Key facts: - Br

    @efani

    1 May 2025

    332 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. https://t.co/GT5rnvVrhU https://t.co/NvrSsKh5VZ

    @riskigy

    1 May 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. [1/6] 🚨 CVE-2025-3928 In-the-Wild: Commvault confirms CVE-2025-3928 was exploited as a zero-day in Azure breach by nation-state actors. CVSS 8.8 (High). Affects Web Server before 11.20.217/11.28.141/11.32.89/11.36.46. CISA mandates patching by May 19. https://t.co/QonVGwaFJP

    @gothburz

    1 May 2025

    68 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    0 Quotes

  28. كشفت منصة Commvault المتخصصة في نسخ بيانات المؤسسات الاحتياطية أن جهة تهديد مجهولة تابعة لدولة اخترق بيئة مايكروسوفت أزور الخاصة بها عبر استغلال الثغرة الأم

    @CyberDaiber

    1 May 2025

    112 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. برای وب سرور Commvault ، آسیب پذیری با کد شناسایی CVE-2025-3928 منتشر شده است. هکرها می توانند بدون نیاز به دسترسی بالا و به صورت Remote ، این آسیب پذیری را اکسپلویت کنند

    @AmirHossein_sec

    1 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 تحذير صادر عن وكالة الأمن السيبراني الأمريكية (CISA) تم إدراج ثغرتين بالغتي الخطورة ضمن قائمة الثغرات المعروفة التي يتم استغلالها فعليًا (KEV)، وهما الثغر

    @hiddenlockT

    1 May 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Attackers are exploiting CVE-2025-3928 to breach Commvault environments in Azure. My KQL query helps defenders spot unauthorized access by monitoring Entra sign-ins & Azure activity CallerIps. https://t.co/swUmCVqr33 KQL Code: https://t.co/RmSTe8MCF3 https://t.co/K6rZoEnZrY

    @0x534c

    1 May 2025

    1704 Impressions

    11 Retweets

    49 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

  32. CommvaultのAzure環境が、CVE-2025-3928のゼロデイ脆弱性を悪用され侵害。影響は限定的で、バックアップデータの漏洩はなし。Commvaultは、関連する5つのIPアドレスを公開し、ブロックとログ監視を推奨。条件付きア

    @01ra66it

    1 May 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🛑 Nation-state hackers breached Commvault’s Azure-hosted environment by exploiting a zero-day in Commvault’s own web server — CVE-2025-3928. 👀 Check sign-ins 🚫 Block malicious IPs 📑 Report activity fast Read now → https://t.co/PB2n3KVZ2W

    @TheHackersNews

    1 May 2025

    8360 Impressions

    21 Retweets

    40 Likes

    6 Bookmarks

    2 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2025-3928

    @transilienceai

    1 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/xucZz6Olz2 #TechNews #ITServices #Innovation

    @EnRouteIT

    1 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🚨 تحذير صادر عن وكالة الأمن السيبراني الأمريكية (CISA) تم إدراج ثغرتين بالغتي الخطورة ضمن قائمة الثغرات المعروفة التي يتم استغلالها فعليًا (KEV)، وهما الثغر

    @hiddenlockT

    1 May 2025

    157 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/W7JpjTHw01 https://t.co/sX4pxnEYym

    @talentxfactor

    1 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. #Commvault Confirms Hackers Exploited #CVE-2025-3928 as Zero-Day in #Azure Breach https://t.co/pN1MGDB4Fs

    @ScyScan

    1 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach. Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment... https://t.co/sFOAesiCdj #InceptusSecure #UnderOurProtection

    @Inceptus3

    1 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/OnxNJkux5x https://t.co/z7elkCAmpl

    @RigneySec

    1 May 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 📍Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/v4UO4OQWKm

    @cyberetweet

    1 May 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. The Hacker News - Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/25mgq7PLkg

    @buzz_sec

    1 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/rwIG6l4h1Y https://t.co/X9jUMj9UgA

    @evanderburg

    1 May 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://t.co/diYLCgexwh https://t.co/E0pmNEfwFa

    @TonyBeeTweets

    1 May 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 📌 أعلنت شركة Commvault أن قراصنة من دولة غير محددة استغلوا ثغرة CVE-2025-3928 للاختراق في بيئة Microsoft Azure، لكنها أكدت عدم وجود دليل على الوصول غير المصرح به للبيانات.

    @Cybercachear

    1 May 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🚨 Nation-state hackers breached Commvault via a Microsoft Azure zero-day — CVE-2025-3928. No customer backup data stolen, but shared clients with Microsoft may be affected. 👀 Spotted unusual logins? Act fast → https://t.co/PB2n3KVrdo

    @TheHackersNews

    1 May 2025

    455 Impressions

    4 Retweets

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  47. CISA has added CVE-2025-1976 in Broadcom and CVE-2025-3928 in Commvault to its Known Exploited list. Both allow code execution and are under active attack. Patching is critical to reduce risk. #CISA #Broadcom #Commvault #infosec #patchmanagement #vulnerabilitymanagement https://t

    @CloneSystemsInc

    30 Apr 2025

    14 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. CISA adds Commvault Web Server flaw (CVE-2025-3928) to KEV catalog. Active exploitation detected. Update to patched versions by May 17. #CyberSecurity #Commvault #CVE20253928 https://t.co/OqROXSFD3J

    @dailytechonx

    29 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🛡️ CISA Flags Broadcom & Commvault Flaws CISA adds 2 exploited bugs to KEV list: CVE-2025-1976 in Broadcom (root access via code injection) & CVE-2025-3928 in Commvault (web shell deployment). Patches available—agencies must act by May. https://t.co/sQ5pLlcwqA #

    @dCypherIO

    29 Apr 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🚨 Urgent Cyber Alert: #CVE-2025-3928 Threatens #Commvault Web Server Security https://t.co/NJctZtSFft

    @UndercodeNews

    29 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.