CVE-2025-3928
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Vendor
Product
CWE
Published Date
2025-04-25 16:15:27
Updated
2025-10-31 21:59:08
Source Identifier
9119a7d8-5eab-497f-8521-727c672e3725
KEV Date Added
2025-04-28
Categories
References
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928
https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic
https://www.commvault.com/blogs/customer-security-update
https://www.commvault.com/blogs/notice-security-advisory-update
https://www.commvault.com/blogs/security-advisory-march-7-2025
https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3928