Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity vulnerabilities in Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. These vulnerabilities could allow unauthorized access and execution of malicious code if exploited. Agencies are urged to apply patches by specified deadlines to secure affected systems.
Affected: Broadcom Brocade Fabric OS, Commvault Web Server
Key points:
- CVE-2025-1976 (CVSS 8.6): A code injection vulnerability in Broadcom Brocade Fabric OS allowing local users with admin privileges to execute arbitrary code.
- CVE-2025-3928 (CVSS 8.7): An unspecified flaw in Commvault Web Server enabling remote, authenticated attackers to create and execute web shells.
- Federal agencies are advised to apply patches by May 17, 2025, for Commvault and by May 19, 2025, for Broadcom Fabric OS to mitigate risks.
Source: https://thehackernews.com/2025/04/cisa-adds-actively-exploited-broadcom.html