CyberSecurityBoard
Sponsor Register Login

CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild

CISA has issued a new security warning about a critical vulnerability affecting the Commvault Web Server, built into one of the industry’s leading data protection platforms. This alert comes as security teams worldwide scramble to assess exposure and mitigate risk, following the vulnerability’s addition to CISA’s Known Exploited Vulnerabilities (KEV) Catalog on April 28, 2025. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. However, researchers clarify that the flaw enables attackers with valid credentials to gain remote code execution (RCE) capabilities, specifically by uploading and running webshells-malicious scripts that grant attackers control over targeted systems. Security analysts warn that, even though exploitation currently requires authentication, many organizations fail to enforce strong access controls, leaving them vulnerable. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. While there is no current public confirmation that CVE-2025-3928 has been leveraged in major ransomware campaigns, its ability to enable webshell deployment raises significant alarms. Webshells are a favorite tool among threat actors for establishing persistence, data exfiltration, lateral movement, and launching follow-on attacks, including ransomware. Assigned CVE-2025-3928, the flaw allows remote, authenticated attackers to create and execute webshells on compromised servers. According to CISA and initial advisories, the vulnerability is “unspecified,” meaning details have not been publicly disclosed, which is likely to prevent further exploitation. She is covering various cyber security incidents happening in the Cyber Space. Commvault, known for its enterprise-grade backup and recovery solutions, has quickly responded by releasing a patch and urging its customers to update immediately. With ransomware operators increasingly targeting backup solutions, even a single lapse can have devastating, organization-wide consequences. Users must consult Commvault’s official advisory and CISA’s guidance on the newly added CVE-2025-3928 for more information.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 29 Apr 2025 05:40:08 +0000


Cyber News related to CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
10 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild - CISA has issued a new security warning about a critical vulnerability affecting the Commvault Web Server, built into one of the industry’s leading data protection platforms. This alert comes as security teams worldwide scramble to assess exposure ...
3 hours ago Cybersecuritynews.com CVE-2025-3928
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
9 months ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
10 months ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
CVE-2021-46976 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
9 months ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
10 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
6 months ago Therecord.media
Commvault Webserver Vulnerability Let Attackers Compromise Webserver - The flaw affects multiple versions of Commvault’s software across Linux and Windows platforms, posing significant risks of unauthorized access, data exfiltration, and systemic breaches. Cyber Security News is a Dedicated News Platform For Cyber ...
1 month ago Cybersecuritynews.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Commvault RCE Vulnerability Lets Remote Attackers Execute Arbitrary Code - Security researchers have identified a path traversal vulnerability in Commvault Command Center that allows unauthenticated actors to upload malicious ZIP files which, when expanded by the target server, can result in Remote Code Execution (RCE). A ...
5 days ago Cybersecuritynews.com CVE-2025-34028
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 Akira
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 APT29 BianLian
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
10 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-49103 CVE-2023-22515 APT28 APT29 BianLian
North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 APT29 Rocke BianLian
CISA warns of hackers exploiting Chrome, EoL D-Link bugs - The U.S. Cybersecurity & Infrastructure Security Agency has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Adding the issues to the KEV catalog ...
11 months ago Bleepingcomputer.com CVE-2024-4761 CVE-2021-40655
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
10 months ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Multiple flaws in DrayTek ...
6 months ago Securityaffairs.com CVE-2024-45519 CVE-2024-29849 CVE-2024-41585
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
1 year ago Go.theregister.com CVE-2023-26360
CISA warns agencies of fourth flaw used in Triangulation spyware attacks - The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla. The Known Exploited Vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-27524 CVE-2023-41990 CVE-2023-38203 CVE-2023-29300 CVE-2016-20017

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)