PT-2025-17932 · Commvault · Commvault Web Server

Published

2025-02-24

·

Updated

2025-08-23

·

CVE-2025-3928

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Commvault Web Server versions prior to 11.20.217
Commvault Web Server versions prior to 11.28.141
Commvault Web Server versions prior to 11.32.89
Commvault Web Server versions prior to 11.36.46
Description

The Commvault Web Server contains an unspecified vulnerability that can be exploited by a remote attacker who already holds valid credentials (the CVSS vector above records single authentication as required). According to the Commvault advisory, an attacker can use it to create and execute webshells on the web server, which amounts to remote code execution on the host. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on 2025-04-28. Commvault has stated that a nation-state threat actor exploited this vulnerability to gain access to its Microsoft Azure environment, and that it found no evidence of unauthorized access to customer backup data. Because exploitation requires an authenticated session, leaked or weak web server credentials are the practical entry point, which is why the recommendations below pair patching with credential rotation.
Recommendations

Update to version 11.20.217 or later for Commvault Web Server.
Update to version 11.28.141 or later for Commvault Web Server.
Update to version 11.32.89 or later for Commvault Web Server.
Update to version 11.36.46 or later for Commvault Web Server.

The fixed build depends on the maintenance-release line you are on; a higher build number on an older line (for example an 11.32 build above 89) is fixed, while a low build on a newer line (for example an early 11.36 build below 46) is not.

If the fixed build cannot be installed immediately, consider disabling the web server until it can be. Restrict network access to the web server to the hosts and administrators that need it, so that stolen credentials alone are not enough to reach it. Monitor web server logs for suspicious activity, in particular for newly created script files being requested or executed, and rotate the credentials of accounts that can log in to the web server, since exploitation requires an authenticated session.
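As an added example (not part of this advisory and not Commvault's own tooling), the following Python check maps a reported Commvault Web Server version onto the fixed builds listed above. It demonstrates the point the version list hides: the verdict depends on the maintenance-release line, so 11.32.100 is fixed while 11.36.10 is not, even though 11.36.10 is the numerically later version. It assumes version strings are three dot-separated integers (major.release.build); a release line not named in the advisory returns "unknown" rather than a verdict, because the advisory says nothing about it.

```python
"""Map Commvault Web Server version strings onto the fixed builds for CVE-2025-3928.

Added example; the FIXED_BUILDS table is taken from the advisory text above.
The three-part version format is an assumption of this script.
"""

from typing import Dict, List, Tuple

# Minimum fixed build per (major, release) maintenance line, per the advisory.
FIXED_BUILDS: Dict[Tuple[int, int], int] = {
    (11, 20): 217,
    (11, 28): 141,
    (11, 32): 89,
    (11, 36): 46,
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.release.build' into integers; reject anything else.

    A strict parser avoids silently treating a mangled inventory field
    (e.g. '11.32' or '11.32.89-hotfix') as a valid, fixed version.
    """
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Commvault version format: {version!r}")
    major, release, build = (int(p) for p in parts)
    return major, release, build


def assess(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one version string.

    The comparison is made within the maintenance line only: the build
    number is meaningful relative to the fixed build of the same line,
    not across lines.
    """
    major, release, build = parse_version(version)
    fixed = FIXED_BUILDS.get((major, release))
    if fixed is None:
        return "unknown"  # line not covered by the advisory; verify separately
    return "fixed" if build >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Assess a host -> version mapping, listing vulnerable hosts first.

    Unparseable versions are reported as 'unparseable' so they are not
    silently dropped from the patch list.
    """
    order = {"vulnerable": 0, "unparseable": 1, "unknown": 2, "fixed": 3}
    rows = []
    for host, version in inventory.items():
        try:
            verdict = assess(version)
        except ValueError:
            verdict = "unparseable"
        rows.append((host, version, verdict))
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "cv-web-01": "11.32.75",
        "cv-web-02": "11.32.100",
        "cv-web-03": "11.36.10",
        "cv-web-04": "11.20.217",
        "cv-web-05": "11.24.50",
        "cv-web-06": "11.36",
    }
    for host, version, verdict in triage(sample):
        print(f"{host:10} {version:12} {verdict}")
```

Run it against an export of your Commvault inventory; anything reported as "vulnerable" or "unparseable" needs attention, and "unknown" lines should be checked against the vendor advisory directly rather than assumed fixed.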

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-05191
CVE-2025-3928

Affected Products

Commvault Web Server