CVE-2025-3928 | Vulnerability Database | Aqua Security

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: Webservers can be compromised through bad actors creating and executing webshells. Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

Affected Software

Name	Vendor	Start Version	End Version
Commvault	Commvault	11.20.0 (including)	11.20.217 (excluding)
Commvault	Commvault	11.28.0 (including)	11.28.141 (excluding)
Commvault	Commvault	11.32.0 (including)	11.32.89 (excluding)
Commvault	Commvault	11.36.0 (including)	11.36.46 (excluding)

References

https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928
https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic
https://www.commvault.com/blogs/customer-security-update
https://www.commvault.com/blogs/notice-security-advisory-update
https://www.commvault.com/blogs/security-advisory-march-7-2025
https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3928

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-3928
CWE	https://cwe.mitre.org/data/definitions/.html