CVE-2025-3928

Published Apr 25, 2025

Last updated 9 hours ago

Overview

Description
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
Source: 9119a7d8-5eab-497f-8521-727c672e3725
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Commvault Web Server Unspecified Vulnerability
Exploit added on: Apr 28, 2025
Exploit action due: May 17, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 16

  1. 🚨 Urgent Cyber Alert: #CVE-2025-3928 Threatens #Commvault Web Server Security https://t.co/NJctZtSFft

    @UndercodeNews, 29 Apr 2025. 6 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. 🚨 CISA adds two actively exploited vulnerabilities to its KEV catalog: •Broadcom Brocade Fabric OS (CVE-2025-1976) •Commvault Web Server (CVE-2025-3928) Admins, patch ASAP to protect your systems! #CyberSecurity #CISA #VulnerabilityAlert https://t.co/vRIYqgNCda

    @syberintel, 29 Apr 2025. 15 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. 🚨 CISA Alert: Critical VMware vCenter Server flaws — CVE-2025-1976, CVE-2025-3928 — added to Known Exploited Vulnerabilities (KEV) list. Patch immediately to protect your systems! 🔒 Details: https://t.co/7HfaQulJ5U #Cybersecurity #VMware

    @_F2po_, 29 Apr 2025. 22 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-3928 #Commvault Web Server Unspecified Vulnerability https://t.co/T21WT8ySLF

    @ScyScan, 28 Apr 2025. 2 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. 🛡️ We added Brocade Fabric OS, Commvault Web Server & Qualitia Active! mail vulnerabilities CVE-2025-1976, CVE-2025-3928 & CVE-2025-42599 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from c

    @CISACyber, 28 Apr 2025. 6106 Impressions, 25 Retweets, 41 Likes, 5 Bookmarks, 2 Replies, 1 Quote

  6. 🚨 A critical vulnerability (CVE-2025-3928) has been discovered in Commvault Web Server! Remote attackers can exploit it easily. Immediate patching is recommended. Details ➡️ https://t.co/weXyJSFey8 #CyberSecurity #InfoSec #Vulnerability

    @threatsbank, 26 Apr 2025. 32 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  7. CVE-2025-3928 Commvault Web Server Remote Code Execution via Webshell Vulnerability https://t.co/wAE8ShTnPI

    @VulmonFeeds, 25 Apr 2025. 12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  8. CVE-2025-3928 Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be… https://t.co/c6VubSwT0x

    @CVEnew, 25 Apr 2025. 436 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes