Commvault, a leading provider of data protection solutions, has confirmed that a nation-state threat actor breached its Azure environment in February by exploiting a zero-day vulnerability. The company disclosed that while the incident affected a small number of customers, no backup data was compromised during the attack.

According to Commvault, the breach was first detected when Microsoft notified the company of suspicious activity within its Azure environment on February 20, 2025. “We immediately activated our incident response plan with the assistance of leading cybersecurity firms and law enforcement,” said Danielle Sheer, Commvault’s Chief Trust Officer, in a Wednesday update. “Importantly, there has been no unauthorized access to customer backup data that Commvault stores and protects, and no material impact on our business operations or our ability to deliver products and services,” Sheer emphasized.

The investigation revealed that the attackers exploited a previously unknown vulnerability, now identified as CVE-2025-3928, in the Commvault Web Server software. Exploiting this vulnerability requires attackers to have authenticated user credentials within the Commvault software environment, meaning the target system must be accessible via the internet, compromised through another avenue, and accessed using legitimate credentials. Security researchers have rated the vulnerability with a CVSS base score of 8.8, reflecting its significant potential impact.

The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-3928 to its Known Exploited Vulnerabilities Catalog on Monday, April 28, requiring federal agencies to secure their Commvault software by May 19, 2025. The agency warned that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”

In response to the breach, Commvault has patched the vulnerability and implemented several security measures. Commvault has also published guidance for customers to protect their systems, including applying Conditional Access policies to Microsoft 365, Dynamics 365, and Azure AD single-tenant App registrations. Additionally, the company recommends customers rotate and sync client secrets between the Azure portal and Commvault every 90 days, and regularly monitor sign-in activity for access attempts from unauthorized IP addresses. Organizations using Commvault’s products are strongly encouraged to apply the latest security patches and implement the recommended security measures to protect their environments from similar attacks.

This incident highlights the growing sophistication of nation-state cyber threats targeting critical infrastructure and data protection systems.
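Commvault's two operational recommendations above (rotate client secrets every 90 days, and watch sign-in activity for unauthorized IP addresses) can be checked against exported logs. The following is an added example, not code from Commvault or from the original article; it assumes records exported with field names matching Microsoft Graph's sign-in and password-credential resources, and all sample values, networks and key names are constructed.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

MAX_SECRET_AGE = timedelta(days=90)  # rotation interval from the guidance

# Constructed sample data (documentation IP ranges, made-up app and key names).
# Assumption: field names follow Microsoft Graph signIn / passwordCredential.
ALLOWED_NETWORKS = ["198.51.100.0/24", "203.0.113.16/28"]
SIGN_INS = [
    {"createdDateTime": "2025-04-29T08:01:12Z", "appDisplayName": "backup-app", "ipAddress": "198.51.100.23"},
    {"createdDateTime": "2025-04-29T08:07:40Z", "appDisplayName": "backup-app", "ipAddress": "192.0.2.77"},
    {"createdDateTime": "2025-04-29T09:15:03Z", "appDisplayName": "backup-app", "ipAddress": "203.0.113.18"},
    {"createdDateTime": "2025-04-29T09:20:55Z", "appDisplayName": "backup-app", "ipAddress": "not-an-ip"},
]
SECRETS = [
    {"keyId": "secret-a", "startDateTime": "2025-01-10T00:00:00Z"},
    {"keyId": "secret-b", "startDateTime": "2025-04-01T00:00:00Z"},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2025-04-29T08:01:12Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def unauthorized_sign_ins(sign_ins, allowed_networks):
    """Return sign-in records whose source IP is outside every allowed network."""
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    flagged = []
    for record in sign_ins:
        try:
            ip = ipaddress.ip_address(record["ipAddress"])
        except ValueError:
            flagged.append(record)  # unparseable address: fail closed and review
            continue
        if not any(ip in net for net in networks):
            flagged.append(record)
    return flagged

def stale_secrets(secrets, now):
    """Return keyIds of client secrets older than the rotation interval."""
    return [s["keyId"] for s in secrets if now - parse_ts(s["startDateTime"]) > MAX_SECRET_AGE]

if __name__ == "__main__":
    now = datetime(2025, 4, 30, tzinfo=timezone.utc)
    for r in unauthorized_sign_ins(SIGN_INS, ALLOWED_NETWORKS):
        print("review sign-in:", r["createdDateTime"], r["appDisplayName"], r["ipAddress"])
    print("rotate:", stale_secrets(SECRETS, now))
```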
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 17:00:07 +0000