CISA Warns of Active Exploitation: New Vulnerabilities Added to KEV Database
- John Jordan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity vulnerabilities, one in Broadcom's Brocade Fabric OS and one in Commvault's Web Server, to its Known Exploited Vulnerabilities (KEV) catalog. Inclusion in the KEV catalog means CISA has evidence that the flaws are being exploited in the wild, so organizations running either product should treat patching as urgent.

Key Takeaways
CISA has added two high-severity vulnerabilities to its KEV catalog.
The vulnerabilities are CVE-2025-1976 (Broadcom) and CVE-2025-3928 (Commvault).
Both vulnerabilities have been linked to active exploitation.
Federal agencies must apply patches by specified deadlines to mitigate risks.
Overview of Vulnerabilities
CISA's recent update includes the following vulnerabilities:
CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw in Broadcom's Brocade Fabric OS that allows a local user with administrative privileges to execute arbitrary code with full root access. This vulnerability affects Fabric OS versions 9.1.0 through 9.1.1d6 and has been patched in version 9.1.1d7.
CVE-2025-3928 (CVSS score: 8.7) - An unspecified vulnerability in the Commvault Web Server that enables a remote, authenticated attacker to create and execute web shells. This flaw affects multiple versions of the Commvault software and has been addressed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217.
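The version boundaries above are exactly what a patch-triage script needs. The following is an added example written for this page, not code from Broadcom, Commvault or CISA. It encodes the affected and fixed versions quoted above and classifies inventory records against them. The hostnames and version strings in the sample inventory are constructed; the assumed Fabric OS version format (major.minor.patch with an optional patch letter and numeric sub-patch), the Commvault format (major.feature.maintenance), and the `not_listed` handling for releases the page does not mention are assumptions; and it goes slightly beyond the page by treating any 9.1.1 build at or after 9.1.1d7 as fixed.

```python
import re

# Boundaries as stated in the advisory summary above (CVE-2025-1976):
# Fabric OS 9.1.0 through 9.1.1d6 affected, fixed in 9.1.1d7.
FOS_FIRST_AFFECTED = "9.1.0"
FOS_LAST_AFFECTED = "9.1.1d6"
FOS_FIXED = "9.1.1d7"

# Fixed maintenance build per Commvault feature release (CVE-2025-3928).
# Assumption: feature releases not listed here are reported as "not_listed"
# rather than guessed at, since the page names only these four fixed builds.
COMMVAULT_FIXED = {(11, 36): 46, (11, 32): 89, (11, 28): 141, (11, 20): 217}

# Assumed Fabric OS version shape: major.minor.patch, optional patch letter,
# optional numeric sub-patch, e.g. 9.1.1, 9.1.1d, 9.1.1d6.
_FOS_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")


def fos_key(version):
    """Sortable tuple for a Fabric OS version string.

    9.1.1 < 9.1.1a < 9.1.1d < 9.1.1d6 < 9.1.1d7 under this ordering.
    """
    m = _FOS_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {version!r}")
    major, minor, patch, letter, sub = m.groups()
    return (
        int(major), int(minor), int(patch),
        (ord(letter) - ord("a") + 1) if letter else 0,
        int(sub) if sub else 0,
    )


def fos_status(version):
    """CVE-2025-1976 status: 'vulnerable', 'fixed' or 'not_listed'."""
    k = fos_key(version)
    if fos_key(FOS_FIRST_AFFECTED) <= k <= fos_key(FOS_LAST_AFFECTED):
        return "vulnerable"
    # Assumption: any 9.1.1 build at or after 9.1.1d7 carries the fix.
    if k[:3] == fos_key(FOS_FIXED)[:3] and k >= fos_key(FOS_FIXED):
        return "fixed"
    return "not_listed"  # outside the page's stated range: confirm with the vendor


def commvault_status(version):
    """CVE-2025-3928 status: 'vulnerable', 'fixed' or 'not_listed'.

    Assumed version shape: major.feature.maintenance, e.g. 11.36.40.
    """
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Commvault version: {version!r}")
    major, feature, maint = (int(p) for p in parts)
    fixed = COMMVAULT_FIXED.get((major, feature))
    if fixed is None:
        return "not_listed"
    return "fixed" if maint >= fixed else "vulnerable"


CHECKERS = {
    "brocade_fabric_os": ("CVE-2025-1976", fos_status),
    "commvault_web_server": ("CVE-2025-3928", commvault_status),
}


def triage(inventory):
    """Map (host, product, version) records to (host, cve, status) findings.

    Products without a checker are skipped; unparsable versions are reported
    as 'unparsed' so they are not silently dropped from the review.
    """
    findings = []
    for host, product, version in inventory:
        if product not in CHECKERS:
            continue
        cve, check = CHECKERS[product]
        try:
            status = check(version)
        except ValueError:
            status = "unparsed"
        findings.append((host, cve, status))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative).
    sample = [
        ("san-switch-01", "brocade_fabric_os", "9.1.1d6"),
        ("san-switch-02", "brocade_fabric_os", "9.1.1d7"),
        ("san-switch-03", "brocade_fabric_os", "9.0.1c"),
        ("backup-web-01", "commvault_web_server", "11.36.40"),
        ("backup-web-02", "commvault_web_server", "11.32.89"),
        ("backup-web-03", "commvault_web_server", "11.30.12"),
    ]
    for host, cve, status in triage(sample):
        print(f"{host:14} {cve}  {status}")
```

The point of the three-way result is that a version outside the page's stated range (an older Fabric OS train, or a Commvault feature release the advisory does not name) is not quietly marked safe; it is flagged for a manual check against the vendor advisory.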
Exploitation Details
Both vulnerabilities have been confirmed to be actively exploited, although specific details regarding the nature of these attacks remain undisclosed. The implications of these vulnerabilities are significant, as they allow attackers to gain unauthorized access and control over critical systems.
Broadcom's Vulnerability: The flaw in Brocade Fabric OS stems from inadequate IP address validation. A local user who already holds administrative privileges can use it to execute arbitrary commands or modify the operating system itself, turning a constrained administrative account into full root control of the device. Because the attacker must already be an administrator, the practical risk comes from compromised or malicious admin accounts rather than from unauthenticated access.
Commvault's Vulnerability: Exploiting the Commvault Web Server flaw requires valid user credentials, so credential hygiene and limiting which accounts can reach the web server are the first line of defense. Since successful exploitation leaves a web shell on the server, reviewing the web server's content directories and access logs for unexpected files and requests is a reasonable check for any instance that was reachable before it was patched.
Recommended Actions
CISA has mandated that federal agencies take immediate action to mitigate these vulnerabilities:
For Commvault Web Server (CVE-2025-3928): Agencies must apply the necessary patches by May 17, 2025.
For Broadcom Brocade Fabric OS (CVE-2025-1976): Patches should be implemented by May 19, 2025.
Organizations outside the federal sector are also encouraged to review their systems for these vulnerabilities and apply the relevant updates to safeguard against potential attacks.
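CISA publishes the KEV catalog as a JSON feed, and the due date on each entry is the field that drives remediation tracking. As an added example, not CISA's tooling and not taken from the sources below, the script reads a constructed sample in the feed's shape, joins it against a list of still-open findings and ranks them by how close each due date is. The sample contains only the fields the script uses (the real feed carries more), the due dates are the ones quoted above, and the hostnames are invented.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Only the fields used below are included; the due dates are the ones quoted
# in this article. Everything else in the real feed is omitted.
SAMPLE_KEV_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-2025-3928", "vendorProject": "Commvault",
     "product": "Web Server", "dueDate": "2025-05-17"},
    {"cveID": "CVE-2025-1976", "vendorProject": "Broadcom",
     "product": "Brocade Fabric OS", "dueDate": "2025-05-19"}
  ]
}
"""


def load_kev(feed_text):
    """Index KEV entries by CVE ID from the feed's JSON text."""
    data = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def deadline_state(due, as_of, horizon_days):
    """Classify a due date relative to the review date."""
    remaining = (due - as_of).days
    if remaining < 0:
        return "overdue"
    if remaining <= horizon_days:
        return "due_soon"
    return "scheduled"


def prioritise(open_findings, kev, as_of, horizon_days=7):
    """Rank unpatched (host, cve) findings by KEV due date.

    as_of may be a date or an ISO date string. Returns a list of dicts sorted
    so that the most overdue work comes first; findings whose CVE is not in
    the feed are kept with state 'not_in_kev' and sorted last, so they stay
    visible to the reviewer instead of being dropped.
    """
    if isinstance(as_of, str):
        as_of = date.fromisoformat(as_of)
    rows = []
    for host, cve in open_findings:
        entry = kev.get(cve)
        if entry is None:
            rows.append({"host": host, "cve": cve, "due": None,
                         "days_remaining": None, "state": "not_in_kev"})
            continue
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": host, "cve": cve, "due": due,
            "days_remaining": (due - as_of).days,
            "state": deadline_state(due, as_of, horizon_days),
        })
    rows.sort(key=lambda r: (r["due"] is None, r["due"] or date.max, r["host"]))
    return rows


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    # Constructed findings: hosts still on vulnerable builds as of 18 May 2025.
    findings = [("backup-web-01", "CVE-2025-3928"), ("san-switch-01", "CVE-2025-1976")]
    for row in prioritise(findings, kev, as_of="2025-05-18"):
        print(f"{row['host']:14} {row['cve']}  due {row['due'] or 'n/a'}  {row['state']}")
```

Pointing `load_kev` at the downloaded feed instead of the sample, and feeding it the open findings from a version-triage pass, turns the two deadlines quoted above into a dated work queue; the `not_in_kev` state is there so a finding for a vulnerability that has not (yet) been catalogued is still listed rather than silently ignored.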
The addition of these vulnerabilities to CISA's KEV catalog serves as a critical reminder of the ongoing threats in the cybersecurity landscape. Organizations must remain vigilant and proactive in addressing known vulnerabilities to protect their infrastructure from exploitation. As cyber threats continue to evolve, timely updates and security measures are essential for maintaining robust defenses against malicious actors.
As cyber threats grow more sophisticated, staying informed is more important than ever. BetterWorld Technology delivers advanced cybersecurity solutions designed to adapt with the threat landscape—ensuring your business stays protected while continuing to innovate. Take the first step toward stronger security—contact us today for a consultation!
Sources
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database, The Hacker News.
U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog, Security Affairs.