CVE-2025-3928 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2025-3928?

CVE-2025-3928 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-3928?

Check the references section above for vendor advisories and patch information. Affected products include: Commvault Commvault, Linux Linux Kernel, Microsoft Windows.

Vulnerability Description

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Commvault	Commvault	>= 11.20.0, < 11.20.217
Linux	Linux Kernel	-
Microsoft	Windows	-

References

https://documentation.commvault.com/securityadvisories/CV_2025_03_1.htmlVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltextThird Party AdvisoryUS Government Resource
https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-Third Party AdvisoryUS Government Resource
https://www.commvault.com/blogs/customer-security-updateVendor Advisory
https://www.commvault.com/blogs/notice-security-advisory-updateVendor Advisory
https://www.commvault.com/blogs/security-advisory-march-7-2025Vendor Advisory
https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource

FAQ

What is CVE-2025-3928?

CVE-2025-3928 is a vulnerability with a CVSS score of 8.8 (HIGH). Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors ...

How severe is CVE-2025-3928?

CVE-2025-3928 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-3928?

Check the references section above for vendor advisories and patch information. Affected products include: Commvault Commvault, Linux Linux Kernel, Microsoft Windows.