CISA Integrates Broadcom and Commvault Vulnerabilities into KEV Database
On April 29, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two critical security flaws, affecting Broadcom’s Brocade Fabric OS and Commvault Web Server, to its Known Exploited Vulnerabilities (KEV) catalog. The addition follows confirmed reports of active exploitation in the wild and calls for immediate action from organizations relying on these products.
The two vulnerabilities are tracked as CVE-2025-1976 and CVE-2025-3928. The former is a code injection vulnerability in Broadcom’s Brocade Fabric OS with a CVSS score of 8.6. It allows a local user with administrative access to execute arbitrary code with root privileges, which can compromise the entire system. Such a breach could have serious consequences for the operational integrity of organizations running this platform.
The latter, CVE-2025-3928, affects the Commvault Web Server and carries a CVSS score of 8.7. It allows a remote, authenticated attacker to create and execute web shells, giving the attacker broad control over the server environment. Commvault clarified in a February advisory that exploitation requires valid authenticated credentials within its software environment, meaning an attacker without such credentials has no direct path to exploit it. For Commvault users, this underlines the importance of protecting user accounts against credential theft.
Both vulnerabilities map to tactics in the MITRE ATT&CK framework. The Broadcom vulnerability can support initial access and privilege escalation from an administrative foothold, enabling further exploitation of system functionality. For the Commvault flaw, the ability to create web shells aligns with persistence tactics, potentially allowing attackers to maintain long-term access to compromised systems.
Organizations using these products are urged to review their security controls proactively. With evidence of active exploitation, vigilance around user authentication and software patch management is essential. Failure to remediate these vulnerabilities could result in severe operational disruption, data breaches, or compliance violations.
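One practical way to act on a KEV addition is to cross-check your own vulnerability inventory against the catalog and surface the remediation deadline CISA attaches to each entry. The following Python example is added here for illustration and is not code from the article, CISA, Broadcom or Commvault. It uses the field names of CISA's published KEV JSON feed (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`) but embeds a constructed sample of the feed so it runs offline; the `dueDate` values, vulnerability names and the scan inventory are placeholders, not taken from the real catalog.

```python
"""Cross-check a vulnerability inventory against a CISA KEV catalog feed."""
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names match the
# real feed; the dueDate values and vulnerabilityName strings are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-1976",
            "vendorProject": "Broadcom",
            "product": "Brocade Fabric OS",
            "vulnerabilityName": "Brocade Fabric OS code injection (placeholder name)",
            "dateAdded": "2025-04-29",
            "dueDate": "2025-05-19",  # placeholder, not the catalog's real due date
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2025-3928",
            "vendorProject": "Commvault",
            "product": "Web Server",
            "vulnerabilityName": "Commvault Web Server web shell (placeholder name)",
            "dateAdded": "2025-04-29",
            "dueDate": "2025-05-17",  # placeholder, not the catalog's real due date
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed: CVE IDs reported by a hypothetical scan of our own estate.
# CVE-2024-0001 is a made-up ID that is not in the sample KEV feed.
SAMPLE_INVENTORY = ["CVE-2025-3928", "CVE-2024-0001", "CVE-2025-1976"]


def load_kev(feed_text):
    """Parse KEV feed JSON into a dict keyed by CVE ID."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(kev, inventory, today):
    """Return the inventory's KEV hits, most urgent first.

    Each hit records the days remaining until CISA's remediation due date
    (negative when the deadline has already passed).
    """
    hits = []
    for cve_id in inventory:
        entry = kev.get(cve_id)
        if entry is None:
            continue  # not in KEV: still a finding, but no KEV-driven deadline
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cve": cve_id,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": (due - today).days,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    # Overdue and soonest-due entries first so the patch queue is ordered by risk.
    hits.sort(key=lambda h: h["days_left"])
    return hits


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    for hit in triage(catalog, SAMPLE_INVENTORY, date(2025, 5, 18)):
        state = "OVERDUE" if hit["days_left"] < 0 else f'{hit["days_left"]}d left'
        print(f'{hit["cve"]:15} {hit["product"]:28} due {hit["due"]} ({state})')
```

In production you would replace `SAMPLE_KEV_JSON` with the downloaded feed and `SAMPLE_INVENTORY` with your scanner's CVE output; the sort order then gives a deadline-driven patch queue, and the `knownRansomwareCampaignUse` field is a useful second sort key for escalation.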
CISA’s inclusion of these vulnerabilities serves as both a warning and a call to action for business leaders to examine their cybersecurity posture closely. As the threat landscape grows increasingly complex and sophisticated, a proactive approach in fortifying defenses against such vulnerabilities becomes imperative for safeguarding sensitive data and ensuring operational resilience.