8.8

CVE-2025-3928

Warning
Media report
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Data provided by the National Vulnerability Database (NVD)
Commvault / Commvault, version >= 11.20.0 < 11.20.217
   Linux / Linux Kernel, version -
   Microsoft / Windows, version -
Commvault / Commvault, version >= 11.28.0 < 11.28.141
   Linux / Linux Kernel, version -
   Microsoft / Windows, version -
Commvault / Commvault, version >= 11.32.0 < 11.32.89
   Linux / Linux Kernel, version -
   Microsoft / Windows, version -
Commvault / Commvault, version >= 11.36.0 < 11.36.46
   Linux / Linux Kernel, version -
   Microsoft / Windows, version -

28.04.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Commvault Web Server Unspecified Vulnerability

Description: Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.

Required actions: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 18.09% | 0.95 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 9119a7d8-5eab-497f-8521-727c672e3725 | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| 9119a7d8-5eab-497f-8521-727c672e3725 | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

No CWE information has been published yet.