CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.301

EPSS Ranking 96.4%

CVSS Severity

CVSS v3 Score 8.8

Proposed Action

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.

Ransomware Campaign

Unknown

References

https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html

Products affected by CVE-2025-3928

Commvault » Commvault » Version: Any

cpe:2.3:a:commvault:commvault:*
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-3928

Products

Pricing

Contact Us