Summary: The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has identified vulnerabilities in Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients that are being actively exploited in the wild. These flaws have been added to CISA’s ‘Known Exploited Vulnerabilities’ (KEV) catalog, with detailed remediation steps provided. Organizations affected are urged to apply fixes to avoid potential breaches.
Affected: Broadcom, Commvault, Qualitia
Key points:
- CVE-2025-1976 affects Broadcom Brocade Fabric OS, allowing arbitrary code execution if admin access is obtained, with active exploitation reported.
- CVE-2025-3928 in Commvault web servers permits attackers to remotely install webshells, although exploitation requires user authentication.
- CVE-2025-42599, a stack-based buffer overflow in Qualitia Active! Mail, affects all versions up to BuildInfo 6.60.05008561 and has led to service disruptions in Japan.
- Organizations have until May 17 and May 19, 2025, to apply the necessary fixes for these vulnerabilities.