CVE-2025-3928

Commvault Web Server unspecified vulnerability

Description

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

INFO

Published Date :

2025-04-25T15:56:28.112Z

Last Modified :

2026-02-26T18:28:03.538Z

Source :

cisa-cg

AFFECTED PRODUCTS

The following products are affected by CVE-2025-3928 vulnerability.

Vendors	Products
Commvault	Commvault
Linux	Linux Kernel
Microsoft	Windows

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3928.

URL	Resource
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3928
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928
https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic
https://www.commvault.com/blogs/customer-security-update
https://www.commvault.com/blogs/notice-security-advisory-update
https://www.commvault.com/blogs/security-advisory-march-7-2025