Unrated severityCISA KEVNVD Advisory· Published Apr 25, 2025· Updated Feb 26, 2026
Commvault Web Server unspecified vulnerability
CVE-2025-3928
Description
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: before 11.36.46, 11.32.89, 11.28.141, 11.20.217
- Commvault/Web Serverv5Range: 11.36.0
Patches
Vulnerability mechanics
References
6- documentation.commvault.com/securityadvisories/CV_2025_03_1.htmlmitre
- www.cisa.gov/known-exploited-vulnerabilities-catalogmitre
- www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallicmitre
- www.commvault.com/blogs/customer-security-updatemitre
- www.commvault.com/blogs/notice-security-advisory-updatemitre
- www.commvault.com/blogs/security-advisory-march-7-2025mitre
News mentions
0No linked articles in our index yet.