Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment

Commvault has reported CVE-2025-3928, a vulnerability that allows remote exploitation and could lead to webshell creation and complete system compromise. It has been added to CISA’s KEV catalog. The flaw affects specific versions of Commvault software released before the necessary patches of February 2025. The company is actively aiding impacted customers and has improved its security measures following a recent attack associated with this vulnerability.

Key points:

  • Commvault shared indicators of compromise (IoCs) related to CVE-2025-3928, recently added to CISA’s KEV catalog.
  • The vulnerability, with a CVSS score of 8.7, allows remote exploitation leading to webshells and total system compromise.
  • Impacted software versions: Commvault 11.x prior to 11.36.46, 11.32.89, 11.28.141, and 11.20.217.
  • Microsoft notified Commvault of unauthorized activity involving the exploitation of this zero-day vulnerability by a nation-state threat actor.
  • No customer backup data was affected, and the incident did not impact Commvault’s business operations.
  • Commvault is collaborating with affected customers and has implemented enhanced security measures post-attack.
  • Five IP addresses linked to the attacks have been identified and recommended for blocking.
  • Customers are advised to monitor Azure login logs and apply Conditional Access policies to enhance security.
  • Regular secret rotation between Azure and Commvault every 90 days is recommended to mitigate risks.
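
A triage sketch for the key points above, added here as an example and not taken from Commvault or the linked article. It assumes each listed version is the first fixed build of its own 11.x release branch, uses placeholder documentation-range IPs in place of the five advisory addresses (not listed on this page), and reads the `ipAddress`, `createdDateTime` and `userPrincipalName` fields of exported Azure sign-in records; the sample records are constructed.

```python
import ipaddress
from datetime import datetime, timezone

# First fixed build per release branch, read from the version list above
# (assumption: each listed version belongs to its own major.minor branch).
FIXED_BUILD = {(11, 36): 46, (11, 32): 89, (11, 28): 141, (11, 20): 217}

# Placeholders from RFC 5737 documentation ranges. Replace with the five
# addresses published in Commvault's advisory.
BLOCKED_IPS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "203.0.113.77")}

# Constructed sample of exported Azure sign-in records.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-02-20T03:14:00Z", "ipAddress": "192.0.2.10",
     "userPrincipalName": "svc-backup@example.com"},
    {"createdDateTime": "2025-02-20T09:02:00Z", "ipAddress": "198.51.100.4",
     "userPrincipalName": "admin@example.com"},
    {"createdDateTime": "2025-02-21T11:45:00Z", "ipAddress": None,
     "userPrincipalName": "ops@example.com"},
]

def patch_status(version: str) -> str:
    """Classify a Commvault version as 'vulnerable', 'patched' or 'unknown'."""
    try:
        major, minor, build = (int(p) for p in version.strip().split("."))
    except ValueError:
        return "unknown"  # not a three-part numeric version
    fixed = FIXED_BUILD.get((major, minor))
    if fixed is None:
        return "unknown"  # branch not in the list: check the vendor advisory
    return "vulnerable" if build < fixed else "patched"

def flag_signins(events):
    """Return the sign-in records whose source IP is on the blocklist."""
    hits = []
    for ev in events:
        try:
            ip = ipaddress.ip_address(ev.get("ipAddress") or "")
        except ValueError:
            continue  # missing or malformed address: nothing to match
        if ip in BLOCKED_IPS:
            hits.append(ev)
    return hits

def secret_overdue(last_rotated: datetime, now: datetime, max_days: int = 90) -> bool:
    """True when a secret is older than the recommended rotation interval."""
    return (now - last_rotated).days > max_days

if __name__ == "__main__":
    for v in ("11.36.45", "11.36.46", "11.24.3"):
        print(v, patch_status(v))
    print(flag_signins(SAMPLE_SIGNINS))
```
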

Read More: https://www.securityweek.com/more-details-come-to-light-on-commvault-vulnerability-exploitation/