A zero-day vulnerability in Commvault’s SaaS solutions has been exploited by threat actors, potentially as part of a broader campaign targeting cloud applications. Organizations are urged to enhance their monitoring and security practices to prevent further compromises.
Key points
- An unpatched Commvault vulnerability (CVE-2025-3928) allowed attackers to execute webshells and compromise instances.
- It was exploited by suspected state-sponsored hackers to access Commvault’s Azure environment and customer M365 backups.
- Commvault has issued advisories, rotated credentials, and provided Indicators of Compromise (IoCs) for detection.
- The attack mainly affected a small subset of customers, and stored backups were not directly compromised.
- CISA recommends organizations monitor logs, rotate secrets, restrict access, and apply patches to mitigate risks.
Read More: https://www.securityweek.com/companies-warned-of-commvault-vulnerability-exploitation/