Commvault Webserver Vulnerability Let Attackers Compromise Webserver

The flaw affects multiple versions of Commvault’s software across Linux and Windows platforms, posing significant risks of unauthorized access, data exfiltration, and systemic breaches. Commvault’s advisory explicitly warns that “Webservers can be compromised through bad actors creating and executing webshells,” highlighting the direct path to system takeover.

Webshells, typically written in ASP, PHP, or JSP, are often deployed through compromised file upload mechanisms or injection attacks. These stealthy scripts grant persistent remote access, enabling attackers to bypass authentication, manipulate protected data, and pivot to other network resources. Although the exploit specifics remain undisclosed, third-party researchers speculate it involves improper sanitization of user-supplied paths in file upload handlers.

Patched releases were initially rolled out on March 4, 2025, with additional fixes on March 7 to strengthen webserver security. Delaying patches risks exploitation, as webshells can evade traditional detection systems while maintaining covert access. Network segmentation and strict inbound/outbound firewall rules for Commvault’s web ports (e.g., TCP/80, TCP/443) are critical interim measures for environments requiring delayed patching. Additionally, auditing logs for anomalous POST requests to /webconsole/API or unexpected *.jspx file creations can help detect exploit attempts.

With Commvault software integral to global data protection infrastructures spanning financial, healthcare, and government sectors, this vulnerability demands prioritized remediation. As cybercriminals increasingly target backup systems, securing Commvault environments becomes paramount to ensuring organizational resilience.
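One way to run the log and file checks mentioned above, as an added example that is not code from Commvault or from the original article. The combined-style access log format, the admin subnet, treating "anomalous" as a POST from outside that subnet, and every sample line and path are assumptions constructed for illustration.

```python
import ipaddress
import os
import re

# Assumption: access log lines follow the common "combined"-style layout.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Assumption: subnet that administrators normally use (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def is_admin(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(addr in net for net in ADMIN_NETS)

def flag_log_lines(lines):
    """Return (reason, client, path) for each line worth an analyst's review."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0]   # ignore the query string
        lowered = path.lower()
        if method == "POST" and lowered.startswith("/webconsole/api") and not is_admin(ip):
            findings.append(("post-from-unexpected-source", ip, path))
        if lowered.endswith(".jspx"):
            findings.append(("jspx-request", ip, path))
    return findings

def new_jspx_files(webroot, baseline):
    """Return .jspx paths under webroot that are missing from a known-good baseline."""
    found = []
    for root, _dirs, files in os.walk(webroot):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), webroot)
            if name.lower().endswith(".jspx") and rel not in baseline:
                found.append(rel)
    return sorted(found)

# Constructed sample lines; the sub-paths are placeholders, not real endpoints.
SAMPLE_LOG = [
    '10.20.0.15 - admin [10/Mar/2025:07:01:12 +0000] "POST /webconsole/API/placeholder HTTP/1.1" 200 512',
    '203.0.113.44 - - [10/Mar/2025:07:03:40 +0000] "POST /webconsole/API/placeholder HTTP/1.1" 200 87',
    '203.0.113.44 - - [10/Mar/2025:07:03:55 +0000] "GET /webconsole/placeholder.jspx?c=1 HTTP/1.1" 200 40',
    '10.20.0.15 - admin [10/Mar/2025:07:05:00 +0000] "GET /webconsole/index.html HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for finding in flag_log_lines(SAMPLE_LOG):
        print(finding)
```

The baseline passed to `new_jspx_files` should be the set of relative paths recorded from a clean install of the same version, so that legitimate product files are not reported.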

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 07:10:07 +0000


Cyber News related to Commvault Webserver Vulnerability Let Attackers Compromise Webserver

Commvault Confirms 0-Day Exploit Allowed Hackers Access to Its Azure Environment - The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-3928 to its Known Exploited Vulnerabilities Catalog on Monday, April 28, requiring federal agencies to secure their Commvault software by May 19, 2025. Exploiting this ...
2 months ago Cybersecuritynews.com CVE-2025-3928
Commvault says recent breach didn't impact customer backup data - "Importantly, there has been no unauthorized access to customer backup data that Commvault stores and protects, and no material impact on our business operations or our ability to deliver products and services," Danielle Sheer, the ...
2 months ago Bleepingcomputer.com CVE-2025-3928
Commvault RCE Vulnerability Lets Remote Attackers Execute Arbitrary Code - Security researchers have identified a path traversal vulnerability in Commvault Command Center that allows unauthenticated actors to upload malicious ZIP files which, when expanded by the target server, can result in Remote Code Execution (RCE). A ...
2 months ago Cybersecuritynews.com CVE-2025-34028
CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild - CISA has issued a new security warning about a critical vulnerability affecting the Commvault Web Server, built into one of the industry’s leading data protection platforms. This alert comes as security teams worldwide scramble to assess exposure ...
2 months ago Cybersecuritynews.com CVE-2025-3928
CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks - The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. The flaws were added ...
2 months ago Bleepingcomputer.com CVE-2025-42599
Commvault RCE Vulnerability Let Attackers Breach the Vault - PoC Released - The vulnerability, tracked as CVE-2025-34028, could allow attackers to compromise enterprise backup systems without requiring authentication, potentially putting organizations’ most critical data at risk. Cyber Security News is a Dedicated News ...
2 months ago Cybersecuritynews.com CVE-2025-34028
Vulnerability Summary for the Week of February 12, 2024 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise ...
1 year ago Cisa.gov
CVE-2024-34715 - Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes ...
1 year ago
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
3 months ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa
CVE-2017-18044 - A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to ...
5 years ago
CVE-2025-3928 - Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed ...
2 months ago CVE-2025-3928
Only 13% of organizations are cyber mature - A staggering 83% of organizations have suffered a material security breach recently, with over half occurring in the past year alone, underscoring the critical need for advanced preparedness and agile response strategies, according to Commvault. For ...
1 year ago Helpnetsecurity.com
Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack - Let's say TensorFlow wants to run a set of tests when a GitHub user submits a pull request. TensorFlow can define these tests in a yaml workflow file, used by GitHub Actions, and configure the workflow to run on the `pull request` trigger. One type ...
1 year ago Securityboulevard.com
CVE-2023-41319 - Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded ...
1 year ago
Vulnerability Summary for the Week of January 15, 2024 - This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Successful attacks require human interaction from a ...
1 year ago Cisa.gov
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting - On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting via Shortcode vulnerabilities in WordPress repository plugins. We found over 100 vulnerabilities across 100 plugins which affect ...
1 year ago Wordfence.com
The Last Mile of Encrypting the Web: 2023 Year in Review - At the start of 2023, we sunsetted the HTTPS Everywhere web extension. It encrypted browser communications with websites and made sure users benefited from the protection of HTTPS wherever possible. HTTPS Everywhere ended because all major browsers ...
1 year ago Eff.org
It all adds up: Pretexting in executive compromise - If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords. While ...
1 year ago Securityintelligence.com
CVE-2021-30118 - An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is ...
3 years ago
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com
Don't get hacked! Apply the right vulnerability metrics to Kubernetes scans - As you read this, I'd like you to keep in mind that CVSS was never intended to be that end-all software vulnerability scoring system. Doesn't reflect actual risk - CVSS provides a base score that represents the inherent severity of a vulnerability in ...
1 year ago Securityboulevard.com
CVE-2020-15800 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. ...
3 years ago
CVE-2023-40273 - The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning ...
9 months ago
