CVE-2025-3928

216.73.216.233

· Published 25/04/2025 16:15 · Modified 25/04/2025 16:15

Labels: CVE-2025-3928 2025-04-25 9119a7d8-5eab-497f-8521-727c672e3725 CVE-2025-3928

Essential information

Published: 25/04/2025 16:15
Modified: 25/04/2025 16:15
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 9119a7d8-5eab-497f-8521-727c672e3725
NVD: View on NVD

Affected products (CPE)

Product	CPE
commvault / web server	`cpe:2.3:a:commvault:web_server:11.36.46:::::::*`
commvault / web server	`cpe:2.3:a:commvault:web_server:11.32.89:::::::*`
commvault / web server	`cpe:2.3:a:commvault:web_server:11.28.141:::::::*`
commvault / web server	`cpe:2.3:a:commvault:web_server:11.20.217:::::::*`