Known Exploited Vulnerabilities CVE-2025-3928

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2025-3928	Commvault Web Server Unspecified Vulnerability	primary_impact	T1059	Command and Scripting Interpreter	Comments While public technical details of this exploit are limited, including the techniques used, it is known that authenticated, low-privileged attackers were able to achieve remote code execution and web shell deployment. References https://clawshea.medium.com/azure-breach-and-the-commvault-zero-day-how-webshells-slipped-through-the-cracks-3cad9735942c
CVE-2025-3928	Commvault Web Server Unspecified Vulnerability	secondary_impact	T1505.003	Web Shell	Comments While public technical details of this exploit are limited, including the techniques used, it is known that authenticated, low-privileged attackers were able to achieve remote code execution and web shell deployment. References https://clawshea.medium.com/azure-breach-and-the-commvault-zero-day-how-webshells-slipped-through-the-cracks-3cad9735942c