Commvault has disclosed that a nation-state threat actor breached its Microsoft Azure environment by exploiting a zero-day vulnerability (CVE-2025-3928), but emphasizes that there is no evidence of unauthorized data access. Affected: Commvault and the customers it shares with Microsoft.
Key points:
- Commvault’s Azure environment was breached but no unauthorized access to customer backup data occurred.
- The breach affected a small number of customers shared with Microsoft, and assistance is being provided to them.
- Commvault has rotated affected credentials and enhanced security measures in response to the incident.
- CISA has added CVE-2025-3928 to its Known Exploited Vulnerabilities catalog, mandating patches for Commvault Web Server by May 19, 2025.
- Customers are advised to implement Conditional Access policies for Microsoft 365, Dynamics 365, and Azure AD, and rotate client secrets every 90 days.
- Monitoring of sign-in activity from specific malicious IP addresses is recommended, along with the blocking of these IPs in Conditional Access policies.
- Detected access attempts from the listed IPs should be reported to Commvault Support for further action.
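The monitoring and rotation advice above can be checked against exported tenant data. The following is an added example, not code from Commvault or the linked article: it assumes sign-in and app registration records exported as JSON in the shape of Microsoft Graph `signIn` and `application` objects, and the blocklist entries are placeholders because this page does not list the advisory's IP addresses.

```python
import ipaddress
from datetime import datetime, timezone

# Placeholder indicators (RFC 5737 documentation ranges), NOT the advisory's IPs.
BLOCKLIST = ["203.0.113.10", "198.51.100.0/28"]
MAX_SECRET_AGE_DAYS = 90  # rotation interval recommended on this page

def _parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # Graph uses a trailing "Z"

def flag_sign_ins(sign_ins, blocklist=BLOCKLIST):
    """Return sign-in records whose ipAddress falls inside any blocklisted IP or CIDR."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    hits = []
    for rec in sign_ins:
        try:
            addr = ipaddress.ip_address(rec.get("ipAddress", ""))
        except ValueError:
            continue  # missing or malformed address: nothing to match
        if any(addr.version == n.version and addr in n for n in nets):
            hits.append(rec)
    return hits

def stale_secrets(apps, now, max_age_days=MAX_SECRET_AGE_DAYS):
    """Return (app name, keyId, age in days) for client secrets older than the limit."""
    stale = []
    for app in apps:
        for cred in app.get("passwordCredentials", []):
            age = (now - _parse_ts(cred["startDateTime"])).days
            if age > max_age_days:
                stale.append((app["displayName"], cred["keyId"], age))
    return stale

# Constructed sample data shaped like Microsoft Graph signIn and application objects.
SIGN_INS = [
    {"createdDateTime": "2025-05-02T08:14:00Z", "userPrincipalName": "svc-backup@example.com", "ipAddress": "198.51.100.7"},
    {"createdDateTime": "2025-05-02T09:01:00Z", "userPrincipalName": "alice@example.com", "ipAddress": "192.0.2.44"},
    {"createdDateTime": "2025-05-02T09:30:00Z", "userPrincipalName": "bob@example.com", "ipAddress": "not-an-ip"},
]
APPS = [{"displayName": "backup-connector", "passwordCredentials": [
    {"keyId": "key-old", "startDateTime": "2025-01-01T00:00:00Z"},
    {"keyId": "key-new", "startDateTime": "2025-04-15T00:00:00Z"}]}]

if __name__ == "__main__":
    now = datetime(2025, 5, 5, tzinfo=timezone.utc)
    for rec in flag_sign_ins(SIGN_INS):
        print("blocklisted sign-in:", rec["createdDateTime"], rec["userPrincipalName"], rec["ipAddress"])
    for name, key_id, age in stale_secrets(APPS, now):
        print(f"rotate secret {key_id} on {name}: {age} days old")
```

Replace `BLOCKLIST` with the addresses from the vendor advisory before running it on real exports; any hit is what the key points say to report to Commvault Support.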
Read More: https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html