Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
CISA has issued warnings about two actively exploited vulnerabilities: CVE-2025-1976 in Broadcom Brocade Fabric OS and CVE-2025-3928 in Commvault Web Server. The Brocade vulnerability allows arbitrary code execution with root access, while the Commvault flaw enables webshell creation and execution. Commvault later disclosed that a nation-state threat actor exploited CVE-2025-3928 as a zero-day to breach its Microsoft Azure environment, though no customer data was compromised. CISA has added CVE-2025-3928 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by May 19, 2025. Both companies have released patches and security recommendations and urge users to update their systems promptly.