CVE-2025-3928
Published: Apr 25, 2025
Modified: Feb 26, 2026
CVSS v3.1
8.8
Description
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
| Vendor | Product | Versions |
|---|---|---|
Commvault | Web Server | affected 11.36.0 - < 11.36.46unaffected 11.36.46affected 11.32.0 - < 11.32.89unaffected 11.32.89affected 11.28.0 - < 11.28.141+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now