CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild
- From the site: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
The Cybersecurity and Infrastructure Security Agency (CISA) has added the Commvault Web Server vulnerability (CVE-2025-3928) to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively exploiting this security flaw in the wild.
The agency announced this addition on April 28, 2025, giving federal agencies until May 17, 2025, to remediate the vulnerability in accordance with Binding Operational Directive (BOD) 22-01.
Commvault Web Server Unspecified Vulnerability: CVE-2025-3928
CVE-2025-3928 is classified as an “unspecified vulnerability” affecting Commvault Web Server that enables remote, authenticated attackers to create and execute webshells on compromised systems.
According to the National Vulnerability Database, this high-severity flaw carries a CVSS base score of 8.8, reflecting its significant potential impact.
“Web Servers can be compromised through bad actors creating and executing webshells,” states the Commvault advisory referenced by CISA.
This type of attack allows malicious actors to maintain persistent access to compromised systems while executing arbitrary commands with the privileges of the web server.
The vulnerability has been assigned an Exploit Prediction Scoring System (EPSS) score of 0.10%, which is EPSS's estimated probability that it will be exploited in the next 30 days.
Despite this relatively low percentage, CISA’s addition of the vulnerability to the KEV catalog confirms that exploitation is already occurring.
| Risk Factors | Details |
|---|---|
| Affected Products | Commvault Web Server (Windows & Linux) up to: 11.20.216, 11.28.140, 11.32.88, 11.36.45 |
| Impact | Complete server compromise; execution of webshells; confidential data exposure; service disruption; integrity modification |
| Exploit Prerequisites | Remote, authenticated attacker with low privileges |
| CVSS 3.1 Score | 8.8 (High) |
Affected Systems and Patched Versions
The security flaw affects Commvault Web Server deployments across both Windows and Linux platforms. Commvault has addressed this vulnerability in the following versions:
- 11.36.46
- 11.32.89
- 11.28.141
- 11.20.217
Organizations running earlier versions of the software remain vulnerable to potential attacks.
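As an added example (not code from the article or from Commvault), the following check maps a Commvault Web Server version string onto the fixed builds listed above and flags hosts still on an earlier build of the same branch. It assumes the three-part major.branch.build format shown in the advisory; the hostnames and versions in the sample inventory are constructed.

```python
# Fixed builds named in the advisory, keyed by feature-release branch.
# Any build below the fix on the same branch is affected by CVE-2025-3928.
FIXED_BUILDS = {
    (11, 20): (11, 20, 217),
    (11, 28): (11, 28, 141),
    (11, 32): (11, 32, 89),
    (11, 36): (11, 36, 46),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '11.32.88' into (11, 32, 88); raise ValueError on junk input."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Commvault version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'affected', 'patched' or 'unknown-branch' for one host's version."""
    major, branch, build = parse_version(version)
    fixed = FIXED_BUILDS.get((major, branch))
    if fixed is None:
        # A branch the advisory does not list: do not silently assume it is safe.
        return "unknown-branch"
    return "patched" if (major, branch, build) >= fixed else "affected"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by assessment so the affected list can go straight to a ticket."""
    groups: dict[str, list[str]] = {"affected": [], "patched": [], "unknown-branch": []}
    for host, version in inventory.items():
        groups[assess(version)].append(host)
    return groups


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "cv-web-01": "11.36.45",
    "cv-web-02": "11.36.46",
    "cv-web-03": "11.28.140",
    "cv-web-04": "11.20.217",
    "cv-web-05": "11.24.10",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown-branch should be checked against the vendor advisory directly rather than treated as patched.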
CISA recommends that organizations take one of the following actions by the May 17 deadline:
- Apply mitigations according to vendor instructions
- Follow applicable BOD 22-01 guidance for cloud services
- Discontinue use of the product if mitigations are unavailable
While BOD 22-01 requirements formally apply only to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly encourages all organizations to prioritize the timely remediation of catalog vulnerabilities as part of their security practices.