CyberSecurity news


Source: www.helpnetsecurity.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a code injection flaw in Broadcom Brocade Fabric OS (CVE-2025-1976), an unspecified vulnerability in Commvault Web Server (CVE-2025-3928), and a flaw in Qualitia Active! Mail. A KEV listing means CISA has evidence that the flaw is being exploited in the wild, so these three should be treated as live risk to federal agencies and to any other organization running the affected products.

CISA urges all organizations to prioritize remediation of KEV-listed flaws within their vulnerability management process. The Broadcom Brocade Fabric OS bug (CVE-2025-1976) lets a local user who already holds administrative privileges execute arbitrary code as root, so it is a privilege-escalation and persistence problem on the switch rather than a remote entry point. The Commvault Web Server bug (CVE-2025-3928) lets a remote, authenticated attacker create and execute web shells on the server. In both cases the attacker needs valid credentials first, which makes credential hygiene and monitoring for unexpected admin activity part of the mitigation; successful exploitation still ends in full system compromise and potential data exposure.

Federal Civilian Executive Branch (FCEB) agencies are required under Binding Operational Directive 22-01 to remediate the Commvault Web Server flaw by May 17, 2025 and the Broadcom Brocade Fabric OS flaw by May 19, 2025. No public details are available yet on how the vulnerabilities are being exploited, at what scale, or by whom. Organizations outside the federal government are not bound by the deadlines but are advised to use them as a prioritization signal and apply the vendor updates promptly. Tenable's Vulnerability Watch classification is one of the tools that can help rank which exposures represent the greatest operational risk.
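The practical step behind "prioritize KEV-listed flaws" is to match the catalog against what you actually run and sort by due date. The following is an added example, not code from the article or from CISA: it parses a feed in the shape of CISA's KEV JSON (field names follow the real feed, but the two entries here are constructed from the CVEs named above, with abbreviated descriptions), matches it against a constructed, hypothetical asset inventory, and returns the hits ordered by how close each federal due date is. Host names and inventory strings are assumptions.

```python
"""Triage a KEV feed against an asset inventory (added example, not from the article)."""
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names follow the real feed; the two entries are built from the CVEs the
# article names, with descriptions abbreviated. This is not a copy of the catalog.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.04.28",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-1976",
            "vendorProject": "Broadcom",
            "product": "Brocade Fabric OS",
            "vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability",
            "dateAdded": "2025-04-28",
            "shortDescription": "Local admin user can execute arbitrary code as root.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
            "dueDate": "2025-05-19",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2025-3928",
            "vendorProject": "Commvault",
            "product": "Web Server",
            "vulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
            "dateAdded": "2025-04-28",
            "shortDescription": "Remote authenticated attacker can create and execute web shells.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
            "dueDate": "2025-05-17",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed, hypothetical asset inventory. Vendor/product strings are whatever a
# CMDB happens to hold, so matching has to tolerate case, versions and extra words.
SAMPLE_INVENTORY = [
    {"host": "san-sw-01", "vendor": "broadcom", "product": "Brocade Fabric OS 9.1.1d"},
    {"host": "backup-01", "vendor": "Commvault", "product": "Commvault Web Server"},
    {"host": "web-03", "vendor": "nginx", "product": "nginx 1.26"},
]


def _norm(s):
    """Lower-case and collapse whitespace so CMDB strings compare loosely."""
    return " ".join(s.lower().split())


def kev_matches(feed_json, inventory, today_iso):
    """Return inventory assets hit by a KEV entry, most urgent (earliest due date) first.

    today_iso is an ISO date string such as "2025-05-01" so the result is reproducible.
    """
    today = date.fromisoformat(today_iso)
    catalog = json.loads(feed_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        a_vendor, a_product = _norm(asset["vendor"]), _norm(asset["product"])
        for entry in catalog:
            k_vendor, k_product = _norm(entry["vendorProject"]), _norm(entry["product"])
            # Containment match: the inventory string often embeds a version or repeats
            # the vendor name. Tighten to exact matching once the inventory data is clean.
            if k_vendor in a_vendor and k_product in a_product:
                due = date.fromisoformat(entry["dueDate"])
                findings.append({
                    "host": asset["host"],
                    "cve": entry["cveID"],
                    "name": entry["vulnerabilityName"],
                    "due": due.isoformat(),
                    "days_left": (due - today).days,
                    "overdue": due < today,
                    "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
                })
    # Earliest due date first; CVE ID breaks ties so output order is stable.
    findings.sort(key=lambda f: (f["days_left"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in kev_matches(SAMPLE_KEV_FEED, SAMPLE_INVENTORY, "2025-05-01"):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:<12} {f['cve']:<15} due {f['due']} ({status})")
```

Against the live feed you would replace `SAMPLE_KEV_FEED` with the downloaded JSON and `SAMPLE_INVENTORY` with a CMDB export; the `dueDate` field is the FCEB deadline, so for non-federal use treat `days_left` as a relative urgency score rather than a compliance date.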


References :
  • securityaffairs.com: U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog
  • The Hacker News: CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
  • The DefendOps Diaries: Understanding the Broadcom Brocade Fabric OS Vulnerability: A Critical Security Threat
  • BleepingComputer: CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
  • Help Net Security: CISA warns about actively exploited Broadcom, Commvault vulnerabilities
  • Anonymous: Two critical flaws, in Broadcom Fabric OS (CVE-2025-1976) and Commvault Web Server (CVE-2025-3928), are now on the Known Exploited Vulnerabilities (KEV) list. Both bugs are actively exploited. Admin access can lead to full system compromise. Patching deadlines: May 17–19, 2025.
  • www.scworld.com: Ongoing intrusions leveraging a critical Qualitia flaw in Active! Mail 6 and a pair of high-severity bugs in the Commvault Web Server and Broadcom Brocade Fabric OS have been reported by the Cybersecurity and Infrastructure Security Agency, which urged remediation of the issues by May 17 following their inclusion in its Known Exploited Vulnerabilities catalog, according to SecurityWeek.