CVE-2025-3928
HIGHCVSS v3
8.8
HIGH
EPSS Score
18.1%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Technical Details
- Published
- 4/25/2025
Frequently Asked Questions
What is CVE-2025-3928?
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Is CVE-2025-3928 actively exploited?
Active exploitation of CVE-2025-3928 has not been confirmed. The EPSS score is 18.1%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-3928?
CVE-2025-3928 has a CVSS v3 base score of 8.8 (HIGH severity).
Is CVE-2025-3928 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.