CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
Briefly

CISA has added two high-severity vulnerabilities, one in Broadcom Brocade Fabric OS and one in Commvault Web Server, to its Known Exploited Vulnerabilities (KEV) catalog on evidence of active exploitation. CVE-2025-1976 (CVSS score 8.6) allows a local admin user to execute arbitrary code. CVE-2025-3928 (CVSS score 8.7) allows remote authenticated users to deploy web shells. Commvault clarified that exploiting this flaw requires prior authenticated access; the vulnerability affects several software versions across Windows and Linux systems.
"Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment," Commvault said in an advisory released in February 2025.
"This vulnerability can allow the user to execute any existing Fabric OS command or can also be used to modify the Fabric OS itself, including adding their own subroutines," Broadcom noted in a bulletin published on April 17, 2025.
Read at The Hacker News