CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Configurations

Configuration 1

AND
OR cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*
cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*
cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*
cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

06 May 2025, 20:52

Type: Summary
Values Removed: (es) Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Web servers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141 and 11.20.217 for Windows and Linux platforms.
Values Added: (es) Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Web servers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141 and 11.20.217 for Windows and Linux platforms. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on 28/04/2025.
Type: References
Values Removed: https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/
Values Added: https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/ - Third Party Advisory

05 May 2025, 14:15

Type: References
Values Added:
  • https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/

02 May 2025, 14:15

Type: References
Values Removed: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928
Values Added: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928 - Third Party Advisory, US Government Resource
Type: References
Values Removed: https://www.commvault.com/blogs/notice-security-advisory-update
Values Added: https://www.commvault.com/blogs/notice-security-advisory-update - Vendor Advisory
Type: References
Values Removed: https://www.commvault.com/blogs/security-advisory-march-7-2025
Values Added: https://www.commvault.com/blogs/security-advisory-march-7-2025 - Vendor Advisory

02 May 2025, 03:15

Type: References
Values Added:
  • https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928
  • https://www.commvault.com/blogs/notice-security-advisory-update
  • https://www.commvault.com/blogs/security-advisory-march-7-2025
Type: Summary
Values Removed: (en) Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
Values Added: (en) Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

29 Apr 2025, 19:48

Type: CPE
Values Added:
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Type: First Time
Values Added:
  • Microsoft
  • Linux
  • Commvault commvault
  • Commvault
  • Microsoft windows
  • Linux linux Kernel
Type: CWE
Values Added: NVD-CWE-noinfo
Type: References
Values Removed: https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
Values Added: https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html - Vendor Advisory

29 Apr 2025, 01:00

Type: Summary
Values Added:
  • (es) Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Web servers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141 and 11.20.217 for Windows and Linux platforms.

25 Apr 2025, 16:15

Type: New CVE

Information

Published : 2025-04-25 16:15

Updated : 2025-05-06 20:52


NVD link : CVE-2025-3928

Mitre link : CVE-2025-3928

CVE.ORG link : CVE-2025-3928



Products Affected

commvault

  • commvault

microsoft

  • windows

linux

  • linux_kernel