← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-3928 — Actively Exploited: Web Server (Commvault)

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.

CVE IDCVE-2025-3928
VendorCommvault
ProductWeb Server
Vulnerability nameCommvault Web Server Unspecified Vulnerability
Date added2025-04-28
Remediation due2025-05-19
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionCommvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →