Commvault Acknowledges Zero-Day Exploitation of CVE-2025-3928 by Hackers in Azure Incident
May 01, 2025
Zero-Day / Threat Intelligence
Commvault, an enterprise data backup platform, has confirmed that a nation-state threat actor compromised its Microsoft Azure environment by exploiting the zero-day vulnerability CVE-2025-3928. However, the company reassured that there is no evidence of unauthorized access to customer data. “The incident has impacted a limited number of customers shared with Microsoft, and we are providing them with support,” Commvault stated in its update. They emphasized that customer backup data remains secure, with no significant effects on business operations or service delivery. According to an advisory issued on March 7, 2025, Commvault was alerted by Microsoft on February 20 regarding unauthorized activities, and has since rotated affected credentials and strengthened security measures. This disclosure follows recent reports from the U.S. Cybersecurity…
Zero-Day / Threat Intelligence
Commvault Confirms Breach Linked to CVE-2025-3928 Exploitation in Azure Environment May 1, 2025 Threat Intelligence Commvault, a leader in enterprise data backup solutions, has disclosed that its Microsoft Azure environment was compromised by an unidentified nation-state threat actor exploiting the recently identified vulnerability, CVE-2025-3928. In a statement, the company assured…
Commvault Acknowledges Zero-Day Exploitation of CVE-2025-3928 by Hackers in Azure Incident
May 01, 2025
Zero-Day / Threat Intelligence
Commvault, an enterprise data backup platform, has confirmed that a nation-state threat actor compromised its Microsoft Azure environment by exploiting the zero-day vulnerability CVE-2025-3928. However, the company reassured that there is no evidence of unauthorized access to customer data. “The incident has impacted a limited number of customers shared with Microsoft, and we are providing them with support,” Commvault stated in its update. They emphasized that customer backup data remains secure, with no significant effects on business operations or service delivery. According to an advisory issued on March 7, 2025, Commvault was alerted by Microsoft on February 20 regarding unauthorized activities, and has since rotated affected credentials and strengthened security measures. This disclosure follows recent reports from the U.S. Cybersecurity…