
CVE-2025-3928

NVD (NIST)
Published: Apr 25, 2025 | Modified: Oct 31, 2025 | CISA KEV

CVSS score: 8.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Source: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)

Description

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

Affected (4)

Products: Commvault: Commvault (1 product)

Configuration A (4 vulnerable · 2 platform)

Vulnerable Software: Commvault
Affected Versions:
From 11.20.0 to 11.20.217
From 11.28.0 to 11.28.141
From 11.32.0 to 11.32.89
From 11.36.0 to 11.36.46

Running on/with:
Linux Linux Kernel: All versions
Microsoft Windows: All versions

