CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

2025-04-29 04:21
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below:
- CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw
News URL
https://thehackernews.com/2025/04/cisa-adds-actively-exploited-broadcom.html
Related news
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- CISA warns about actively exploited Broadcom, Commvault vulnerabilities (source)
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-24 | CVE-2025-1976 | OS Command Injection vulnerability in Broadcom Fabric Operating System. Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | 6.7 |