CVE-2025-3928

HIGH

CVSS v3

8.8

HIGH

EPSS Score

18.1%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

Technical Details

Published
4/25/2025

Frequently Asked Questions

What is CVE-2025-3928?

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

Is CVE-2025-3928 actively exploited?

Active exploitation of CVE-2025-3928 has not been confirmed. The EPSS score is 18.1%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-3928?

CVE-2025-3928 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2025-3928 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.