The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) catalog by incorporating two significant security flaws affecting Broadcom’s Brocade Fabric OS and Commvault’s Web Server. This action underscores the critical need for organizations to promptly address these vulnerabilities to mitigate potential security breaches.
Details of the Vulnerabilities:
1. CVE-2025-1976 (CVSS Score: 8.6): This code injection vulnerability exists in Broadcom’s Brocade Fabric OS versions 9.1.0 through 9.1.1d6. It allows a local user with administrative privileges to execute arbitrary code with root-level access. Broadcom has addressed this issue in version 9.1.1d7. The company highlighted that, despite requiring valid administrative access, this vulnerability has been actively exploited in real-world scenarios.
2. CVE-2025-3928 (CVSS Score: 8.7): An unspecified flaw in Commvault’s Web Server enables a remote, authenticated attacker to create and execute web shells. This vulnerability affects multiple versions across Windows and Linux platforms, specifically:
– 11.36.0 – 11.36.45 (Fixed in 11.36.46)
– 11.32.0 – 11.32.88 (Fixed in 11.32.89)
– 11.28.0 – 11.28.140 (Fixed in 11.28.141)
– 11.20.0 – 11.20.216 (Fixed in 11.20.217)
Commvault emphasized that exploitation requires authenticated user credentials within the Commvault environment; the flaw cannot be exploited without authentication. For software customers, this means an attacker would need an environment that is reachable from the internet, a foothold gained through some unrelated avenue, and access using legitimate user credentials.
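The affected and fixed builds above are split across four release branches, and a naive string comparison gets dotted versions wrong (for example "11.36.5" sorts after "11.36.45" as text). The following is an added example, not code from CISA, Commvault or Broadcom, showing how a defender might map an inventory of Commvault Web Server versions to the CVE-2025-3928 ranges listed in this advisory; the ranges are taken from the text, while the host names and the version strings in the sample inventory are constructed for illustration.

```python
"""Map Commvault Web Server version strings to the CVE-2025-3928 affected
ranges listed in the advisory. Added example; ranges come from the text,
the inventory below is constructed sample data."""
from typing import Dict, List, Optional, Tuple

# (first affected, last affected, first fixed) per release branch, as listed
# in the advisory for CVE-2025-3928.
AFFECTED_RANGES = [
    ("11.36.0", "11.36.45", "11.36.46"),
    ("11.32.0", "11.32.88", "11.32.89"),
    ("11.28.0", "11.28.140", "11.28.141"),
    ("11.20.0", "11.20.216", "11.20.217"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so that 11.36.5 < 11.36.45
    compares numerically rather than lexicographically."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> Dict[str, Optional[str]]:
    """Classify one version as 'affected', 'fixed' or 'not_listed'.

    'not_listed' covers release branches the advisory does not name, so a
    caller should treat it as 'check vendor guidance', not as 'safe'."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        lo, hi, fx = parse_version(low), parse_version(high), parse_version(fixed)
        if v[:2] != lo[:2]:
            continue  # different release branch (e.g. 11.32 vs 11.36)
        if lo <= v <= hi:
            return {"version": version, "status": "affected", "upgrade_to": fixed}
        if v >= fx:
            return {"version": version, "status": "fixed", "upgrade_to": None}
    return {"version": version, "status": "not_listed", "upgrade_to": None}


def scan(inventory: Dict[str, str]) -> List[Dict[str, Optional[str]]]:
    """Return one record per host that still runs an affected build,
    sorted by host name for a stable report."""
    findings = []
    for host, version in sorted(inventory.items()):
        result = assess(version)
        if result["status"] == "affected":
            findings.append({"host": host, **result})
    return findings


# Constructed sample inventory (host -> reported Commvault Web Server version).
SAMPLE_INVENTORY = {
    "cv-web-01.example.test": "11.36.45",   # last affected build of 11.36
    "cv-web-02.example.test": "11.36.46",   # first fixed build of 11.36
    "cv-web-03.example.test": "11.36.5",    # string compare would miss this one
    "cv-web-04.example.test": "11.20.217",  # fixed
    "cv-web-05.example.test": "11.40.0",    # branch not named in the advisory
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_INVENTORY):
        print(f"{finding['host']}: {finding['version']} affected, "
              f"upgrade to {finding['upgrade_to']}")
```

The branch check on the first two components keeps a 11.28 host from being compared against the 11.36 boundaries, and the numeric tuple comparison is what catches the `11.36.5` host that a text sort would skip.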
Implications and Recommendations:
The inclusion of these vulnerabilities in the KEV catalog signifies their active exploitation and the substantial risk they pose. Organizations utilizing the affected Broadcom and Commvault products should prioritize the following actions:
– Immediate Patching: Apply the latest security updates provided by Broadcom and Commvault to remediate these vulnerabilities.
– Access Control Review: Evaluate and strengthen access controls to ensure that only authorized personnel have administrative privileges, thereby reducing the risk of exploitation.
– Network Monitoring: Implement continuous monitoring to detect any unusual activities that may indicate exploitation attempts.
– User Credential Management: Ensure robust management of user credentials, including regular updates and adherence to strong password policies, to prevent unauthorized access.
CISA’s Directive:
In accordance with Binding Operational Directive (BOD) 22-01, CISA mandates that Federal Civilian Executive Branch (FCEB) agencies address these vulnerabilities by the specified deadlines:
– Commvault Web Server (CVE-2025-3928): Remediation by May 17, 2025.
– Broadcom Brocade Fabric OS (CVE-2025-1976): Remediation by May 19, 2025.
While this directive specifically targets FCEB agencies, CISA strongly encourages all organizations to proactively address these vulnerabilities to safeguard their systems against potential threats.
Conclusion:
The active exploitation of these vulnerabilities in Broadcom and Commvault products highlights the evolving nature of cyber threats. Organizations must remain vigilant, promptly apply security patches, and implement comprehensive security measures to protect their infrastructure. By adhering to CISA’s recommendations and maintaining a proactive security posture, organizations can significantly reduce their exposure to cyberattacks.