Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

Companies Warned of Commvault Vulnerability Exploitation

Posted on May 23, 2025May 23, 2025 By CWS

The continued exploitation of a Commvault vulnerability that was focused as a zero-day is probably going a part of a broader marketing campaign towards software-as-a-service (SaaS) options, the US cybersecurity company CISA says.

Tracked as CVE-2025-3928 (CVSS rating of 8.7), the unspecified safety defect permits distant attackers to create and execute webshells, totally compromising weak situations.

Commvault mounted the bug in late February, warning that it discovered from Microsoft {that a} suspected state-sponsored risk actor had exploited it as a zero-day to hack into its Azure surroundings. In late April, CISA added the vulnerability to the KEV catalog.

In early Might, the corporate up to date its safety advisory to warn that risk actors “could have accessed a subset of app credentials that sure Commvault prospects use to authenticate their M365 environments.”

To assist prospects hunt for potential compromise, Commvault has offered indicators of compromise (IoCs) related to the noticed exercise. It additionally rotated credentials and strengthened monitoring guidelines as a remediation motion.

The malicious exercise, the corporate has revealed, solely impacted a small variety of prospects it has in frequent with Microsoft, however didn’t contain unauthorized entry to buyer backups saved by Commvault.

In accordance with CISA, the attackers might need exploited CVE-2025-3928 to entry shopper secrets and techniques for Commvault’s M365 backup SaaS resolution hosted in Azure, leading to unauthorized entry to “Commvault’s prospects’ M365 environments which have utility secrets and techniques saved by Commvault.”

“CISA believes the risk exercise could also be half of a bigger marketing campaign focusing on numerous SaaS corporations’ cloud purposes with default configurations and elevated permissions,” the company notes.Commercial. Scroll to proceed studying.

Organizations are suggested to watch Entra audit logs, think about irregular logins as suspicious, conduct inner risk looking, implement conditional entry insurance policies, rotate Commvault Metallic utility secrets and techniques, rotate utility credentials, evaluation administrative privileges, and implement robust M365 safety.

For on-premises deployments, organizations ought to limit entry to Commvault administration interfaces, detect and block path-traversal makes an attempt, block suspicious file uploads, apply the mandatory patches, and monitor exercise from sudden directories.

Associated: Crucial Commvault Vulnerability in Attacker Crosshairs

Associated: Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds

Associated: Microsoft Purges Dormant Azure Tenants, Rotates Keys to Stop Repeat Nation-State Hack

Associated: Chinese language Spies Exploit Ivanti Vulnerabilities Towards Crucial Sectors

Security Week News Tags:Commvault, Companies, Exploitation, Vulnerability, Warned

Post navigation

Previous Post: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
Next Post: 300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

Related Posts

Cloudflare Tunnels Abused in New Malware Campaign Security Week News
Russian APT Hits Ukrainian Government With New Malware via Signal Security Week News
US Offering $10 Million Reward for RedLine Malware Developer Security Week News
New Vulnerabilities Expose Millions of Brother Printers to Hacking Security Week News
Backdoored Open Source Malware Repositories Target Novice Cybercriminals Security Week News
Asus Armoury Crate Vulnerability Leads to Full System Compromise Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
  • How to Implement Least Privilege Access
  • Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild
  • SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
  • Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
  • How to Implement Least Privilege Access
  • Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild
  • SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
  • Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News