Hackers have actively exploited a high-severity vulnerability in the Commvault Web Server, tracked as CVE-2025-3928, in a breach involving Azure environments. The flaw, which has a CVSS score of 8.8, was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on April 28, 2025, just three days after its disclosure. This rapid exploitation underscores the critical nature of the vulnerability, which allows remote, authenticated attackers to compromise web servers by creating and executing webshells.
The vulnerability was exploited in the wild within 2.3 days of its disclosure, highlighting the urgency for organizations using Commvault Web Server to apply the necessary patches. Commvault has released fixes in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217, addressing the unspecified flaw that attackers leveraged to gain unauthorized access.
The exploitation of CVE-2025-3928 as a zero-day in the Azure breach demonstrates the vulnerability's potential impact on cloud environments. Organizations relying on Commvault's solutions, particularly those integrated with Azure, should prioritize updating their systems to mitigate the risk of further exploitation.
Security teams are advised to verify their systems against the patched versions and monitor for any signs of compromise, such as unexpected webshell activity. Given the vulnerability's high severity and active exploitation, immediate attention is warranted to protect sensitive data and maintain system integrity.
CSURFACE