CVE-2025-3928
Commvault Web Server Unspecified Vulnerability
CVSS
—
Sin CVSS
EPSS
2.0%
p78
KEV
SÍ
28 abr 2025
Exploit Today
74
0-100
Publicado: — · Última mod.: —
Producto
Commvault / Web Server
Vulnerabilidad
Commvault Web Server Unspecified Vulnerability
Añadido a KEV
28 abr 2025
Remediar antes de
19 may 2025
Uso conocido en ransomware
No
Descripción resumida
Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html; https://www.commvault.com/blogs/notice-security-advisory-update; https://nvd.nist.gov/vuln/detail/CVE-2025-3928
Sin CVEs relacionados por CWE o producto.