Main Vulnerability Database Vulnerabilities #VU107997

Input validation error in Commvault - CVE-2025-3928

Published: April 28, 2025

Vulnerability identifier: #VU107997

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2025-3928

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Commvault

Affected software:
Commvault

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified vulnerability in the Commvault Web Server. A remote non-authenticated attacker can send specially crafted request to the server and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

How to mitigate CVE-2025-3928

Install updates from vendor's website.

Sources

https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html

Input validation error in Commvault - CVE-2025-3928

Detailed vulnerability description

How to mitigate CVE-2025-3928

Sources

Please verify you're human