CVE-2025-3928

Description

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Apr 28, 2025 Remediation due: May 19, 2025

Affected Products

Vendor	Product	Versions
commvault	commvault	11.20.0 — 11.20.217
commvault	commvault	11.28.0 — 11.28.141
commvault	commvault	11.32.0 — 11.32.89
commvault	commvault	11.36.0 — 11.36.46
linux	linux_kernel	All
microsoft	windows	All

References

Advisories & Patches

https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html https://www.commvault.com/blogs/customer-security-update https://www.commvault.com/blogs/notice-security-advisory-update https://www.commvault.com/blogs/security-advisory-march-7-2025

Other References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928 https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3928

Frequently Asked Questions

What is CVE-2025-3928? +

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. It has a CVSS v3.1 base score of 8.8 (HIGH). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

How severe is CVE-2025-3928? +

CVE-2025-3928 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2025-3928? +

CVE-2025-3928 affects products from commvault, linux, microsoft, specifically: commvault, linux_kernel, windows. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-3928? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-34028 10.0

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when …

CVE-2025-57790 8.8

A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal …

CVE-2025-57788 6.5

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps …

CVE-2025-57791 6.5

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components …

CVE-2025-57789 5.4

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain …