Vulnerabilities > CVE-2025-3928 - Unspecified vulnerability in Commvault

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
commvault
NVD
Published: 2025-04-25
Updated: 2025-05-28

Summary

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

Vulnerable Configurations

Part Description Count
Application
Commvault
367
OS
Linux
1
OS
Microsoft
1

Related news

References