8.8 CVE-2025-3928
CISA Kev Catalog
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
https://nvd.nist.gov/vuln/detail/CVE-2025-3928
Categories
CWE-NVD-noinfo
References
9119a7d8-5eab-497f-8521-727c672e3725
| https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fullt... Third Party Advisory US Government Resource |
| https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-thre... Third Party Advisory US Government Resource |
| https://www.commvault.com/blogs/customer-security-update Vendor Advisory |
| https://www.commvault.com/blogs/notice-security-advisory-update Vendor Advisory |
| https://www.commvault.com/blogs/security-advisory-march-7-2025 Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108
| https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-d... Third Party Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| AND | ||
| cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:* | >= 11.20.0 | < 11.20.217 |
| cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:* | >= 11.28.0 | < 11.28.141 |
| cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:* | >= 11.32.0 | < 11.32.89 |
| cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:* | >= 11.36.0 | < 11.36.46 |
| Running on/with | ||
| cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
