CVE-2025-3928 - Commvault Web Server
AI Vulnerability ContextCommvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog...
Overview
A source-backed snapshot of this vulnerability.
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2025-3928
- Vendor/project
- Commvault
- Product
- Web Server
- Vulnerability name
- Commvault Web Server Unspecified Vulnerability
- Date added
- 2025-04-28
- Due date
- 2025-05-19
- Known ransomware campaign use
- Unknown
- CVSS v3
- 8.8
- CVSS v4
- 8.7
Exploit context
What the vulnerability is about.
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
