The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of actively exploited vulnerabilities in Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients. The flaws were added yesterday to CISA's 'Known Exploited Vulnerabilities' (KEV) catalog; the Broadcom Brocade Fabric OS and Commvault flaws had not previously been tagged as exploited.

Broadcom Brocade Fabric OS is a specialized operating system that runs on the company's Brocade Fibre Channel switches to manage and optimize storage area networks (SAN). Earlier this month, Broadcom disclosed an arbitrary code execution flaw impacting Fabric OS versions 9.1.0 through 9.1.1d6, tracked under CVE-2025-1976.

"This vulnerability can allow the user to execute any existing Fabric OS command or can also be used to modify the Fabric OS itself, including adding their own subroutines," reads Broadcom's bulletin. While the flaw requires admin privileges to exploit, Broadcom says it has been actively exploited in attacks.

The Commvault flaw, tracked under CVE-2025-3928, is an unspecified security problem that authenticated attackers can exploit remotely to plant webshells on target servers.

The third flaw CISA added to KEV is CVE-2025-42599, a stack-based buffer overflow impacting all versions of Active! Mail up to and including 'BuildInfo: 6.60.05008561' on all OS platforms. The flaw was flagged as actively exploited last week by Japan's CERT, while SMB providers and ISPs in the country also announced service outages caused by related exploitation activity.

Bill Toulas

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 29 Apr 2025 14:20:09 +0000