
CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning a newly disclosed security flaw in the Commvault Web Server.

This vulnerability, now tracked as CVE-2025-3928, could allow remote, authenticated attackers to gain unauthorized access to systems, raising concerns across organizations worldwide that use Commvault’s data protection solutions.

CVE-2025-3928: Unspecified Vulnerability Sparks Concern

The Commvault Web Server has been found to contain an unspecified vulnerability, enabling attackers with authenticated access to create and execute webshells on affected servers.

While detailed technical information remains limited, experts warn that exploitation could lead to full system compromise, including unauthorized access, data theft, or the deployment of additional malicious payloads.

One of the more alarming factors is that the attack does not require privileged administrative rights; instead, any authenticated remote user could potentially leverage the flaw.

Currently, there is no public evidence linking this vulnerability to active ransomware campaigns, but ...


Copyright of this story solely belongs to gbhackers.