Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-3928
CVE-2025-3928:
Commvault vulnerability analysis and mitigation
Overview
Commvault Web Server contains a critical vulnerability (CVE-2025-3928) that allows remote authenticated attackers to create and execute webshells. The vulnerability was discovered in February 2025 and was initially exploited as a zero-day by a nation-state threat actor. The affected versions include Commvault software versions 11.20.0-11.20.216, 11.28.0-11.28.140, 11.32.0-11.32.88, and 11.36.0-11.36.45 on both Windows and Linux platforms (Commvault Advisory).
Technical details
The vulnerability has received a CVSS v4.0 score of 8.7 (HIGH) and a CVSS v3.1 score of 8.8 (HIGH). The CVSS v3.1 vector string is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited remotely with low attack complexity, requires low privileges, and no user interaction. The vulnerability allows authenticated attackers to compromise webservers through the creation and execution of webshells (CISA KEV, Commvault Advisory).
Impact
The vulnerability affects Commvault's Microsoft Azure environment and has impacted a small number of shared customers between Commvault and Microsoft. However, Commvault has confirmed that there has been no unauthorized access to customer backup data and no material impact on their business operations or ability to deliver products and services (Hacker News, Commvault Update).
Mitigation and workarounds
Commvault has released patches for all affected versions: 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for both Windows and Linux platforms. Organizations are advised to apply Conditional Access policies to all Microsoft 365, Dynamics 365, and Azure AD single-tenant app registrations, rotate and sync client secrets between Azure portal and Commvault every 90 days, and monitor sign-in activity for suspicious access attempts. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, requiring federal agencies to apply patches by May 19, 2025 (CISA Alert, Commvault Advisory).
Community reactions
The incident has drawn significant attention from the cybersecurity community, particularly due to its exploitation by a nation-state actor. Commvault has been transparent about the breach, working closely with cybersecurity firms, the FBI, and CISA. The company has maintained regular communication through blog updates and security advisories, emphasizing their commitment to customer security and threat intelligence sharing (Commvault Update, Hacker News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management