CVE-2025-3928 is a vulnerability in Commvault
Published on April 25, 2025
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Known Exploited Vulnerability
This Commvault Web Server Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.
The following remediation steps are recommended / required by May 17, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2025-3928 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2025-3928
You can be notified by stack.watch whenever vulnerabilities like CVE-2025-3928 are published in these products:
What versions of Commvault are vulnerable to CVE-2025-3928?
Each of the following must match for the vulnerability to exist.