CISA Warns of Actively Exploited Brocade and Commvault Vulnerabilities (CVE-2025-1976 & CVE-2025-3928)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned users about two high-severity vulnerabilities affecting Broadcom Brocade Fabric OS and Commvault Web Server. CISA added both to its Known Exploited Vulnerabilities (KEV) Catalog, urging users to patch them before the May 19, 2025 due date.

CVE-2025-1976: Brocade Fabric OS Code Injection Vulnerability 

Exploitation requires valid access to a role with admin privileges. Because of improper IP address validation, a local user holding a pre-defined admin role, or a user-defined role with admin-level privileges, can execute arbitrary code with full root-level access. That lets the user run any existing Fabric OS command, and it can also be used to modify Fabric OS itself, including adding their own subroutines. Note that the Fabric OS admin role is not the same as root on the switch: the practical impact is escalation from an administrative switch role to unrestricted control of the underlying operating system.

CVE-2025-3928: Commvault Webserver Vulnerability

An attacker must have authenticated user credentials within the Commvault software environment to exploit the vulnerability; it cannot be exploited without authentication. A successful attacker can create and execute webshells on the Commvault web server.

For software customers, the vulnerability is exploitable only when the instance is:

  1. accessible via the internet
  2. compromised through an unrelated avenue
  3. accessed by leveraging legitimate user credentials

Affected Versions

CVE-2025-1976:

The vulnerability affects Brocade Fabric OS versions 9.1.0 through 9.1.1d6.

CVE-2025-3928:

The vulnerability affects the following Commvault Windows and Linux versions:

  • 11.36.0 through 11.36.45
  • 11.32.0 through 11.32.88
  • 11.28.0 through 11.28.140
  • 11.20.0 through 11.20.216

Mitigation

CVE-2025-1976:

Users must upgrade to the Brocade Fabric OS version 9.1.1d7 to patch the vulnerability.

For more information, please refer to the Broadcom Security Advisory (BSA-2025-2930).

CVE-2025-3928:

Users must upgrade to the following versions to patch the vulnerability:

  • 11.36.46
  • 11.32.89
  • 11.28.141
  • 11.20.217

For more information, please refer to the Commvault Security Advisory.
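To triage an inventory against the affected and fixed versions listed above, the following Python (an added example, not code from CISA, Broadcom, Commvault or Qualys) parses both vendors' version strings and classifies each host as vulnerable, fixed, or not listed in the advisories. The ordering it assumes for Brocade lettered patch releases (9.1.1 before 9.1.1a, 9.1.1d before 9.1.1d1, and so on) is an assumption, not something the advisories state; the hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Triage Fabric OS and Commvault version strings against the advisory ranges.

Added example, not vendor code.  The affected/fixed builds are copied from the
advisories quoted above; the Fabric OS patch-letter ordering is an assumption.
"""
import re
from typing import List, Optional, Tuple

# (lowest affected, highest affected, fixed build), taken from the text above.
FABRIC_OS_RANGE = ("9.1.0", "9.1.1d6", "9.1.1d7")
COMMVAULT_RANGES = [
    ("11.36.0", "11.36.45", "11.36.46"),
    ("11.32.0", "11.32.88", "11.32.89"),
    ("11.28.0", "11.28.140", "11.28.141"),
    ("11.20.0", "11.20.216", "11.20.217"),
]

_FOS_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")


def parse_fos(version: str) -> Tuple[int, int, int, int, int]:
    """'9.1.1d6' -> (9, 1, 1, 4, 6).

    Assumption: 9.1.1 < 9.1.1a < ... < 9.1.1d < 9.1.1d1 < 9.1.1d6 < 9.1.1d7.
    A missing letter ranks as 0 and a missing numeric suffix as 0, so the
    tuple compares in that order.
    """
    m = _FOS_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {version!r}")
    major, minor, patch, letter, sub = m.groups()
    letter_rank = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), int(patch), letter_rank, int(sub or 0))


def parse_cv(version: str) -> Tuple[int, int, int]:
    """'11.36.45' -> (11, 36, 45); Commvault builds are plain dotted integers."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Commvault version: {version!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def _classify(v: Tuple[int, ...], lo: Tuple[int, ...], hi: Tuple[int, ...],
              fixed: Tuple[int, ...]) -> str:
    """Range logic shared by both products.

    'fixed' is only claimed for a build in the same feature release (same
    major.minor) at or above the fixed build; anything else outside the
    affected range is reported as 'not listed' rather than 'safe'.
    """
    if lo <= v <= hi:
        return "vulnerable"
    if v[:2] == fixed[:2] and v >= fixed:
        return "fixed"
    return "not listed"


def fabric_os_status(version: str) -> Tuple[str, Optional[str]]:
    lo, hi, fixed = FABRIC_OS_RANGE
    status = _classify(parse_fos(version), parse_fos(lo), parse_fos(hi), parse_fos(fixed))
    return (status, fixed if status != "not listed" else None)


def commvault_status(version: str) -> Tuple[str, Optional[str]]:
    v = parse_cv(version)
    for lo, hi, fixed in COMMVAULT_RANGES:
        status = _classify(v, parse_cv(lo), parse_cv(hi), parse_cv(fixed))
        if status != "not listed":
            return (status, fixed)
    return ("not listed", None)


STATUS_BY_PRODUCT = {"fabric_os": fabric_os_status, "commvault": commvault_status}


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, Optional[str]]]:
    """Rows are (hostname, product, version); vulnerable hosts are listed first."""
    results = []
    for host, product, version in inventory:
        status, fixed = STATUS_BY_PRODUCT[product](version)
        results.append((host, version, status, fixed))
    results.sort(key=lambda r: r[2] != "vulnerable")  # stable sort: vulnerable first
    return results


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("san-switch-01", "fabric_os", "9.1.1d6"),
    ("san-switch-02", "fabric_os", "9.1.1d7"),
    ("san-switch-03", "fabric_os", "9.0.1e"),
    ("cv-cs-01", "commvault", "11.36.45"),
    ("cv-cs-02", "commvault", "11.32.89"),
    ("cv-cs-03", "commvault", "11.34.10"),
]

if __name__ == "__main__":
    for host, version, status, fixed in triage(SAMPLE_INVENTORY):
        target = f" -> upgrade to {fixed}" if status == "vulnerable" else ""
        print(f"{host:14} {version:10} {status}{target}")
```

Builds outside the advisory ranges (for instance a Commvault feature release the advisory does not mention, or a Fabric OS 9.0 or 9.2 train) are deliberately reported as "not listed" rather than "not affected"; confirm those against the vendor advisories linked in the references before closing them out.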

Qualys Detection

Qualys customers can scan their devices with QID 38981 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602