On April 29, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity vulnerabilities, one in Broadcom Brocade Fabric OS and one in the Commvault Web Server, to its Known Exploited Vulnerabilities (KEV) catalog on the basis of evidence that both are being exploited in the wild. The flaws are tracked as CVE-2025-1976 (CVSS score: 8.6), which lets a user with the admin role on a Fabric OS switch execute arbitrary code as root, and CVE-2025-3928 (CVSS score: 8.7), which lets an authenticated remote attacker create and execute web shells on a Commvault Web Server.
Commvault released an advisory in February 2025 stating that exploiting CVE-2025-3928 requires two preconditions: the Commvault environment must be reachable from the internet, and the attacker must already hold legitimate user credentials for it. In other words, this is a post-authentication flaw, and stolen or phished credentials are the expected entry point. The vulnerability affects both Windows and Linux deployments of the following releases: 11.36.0 through 11.36.45 (fixed in 11.36.46), 11.32.0 through 11.32.88 (fixed in 11.32.89), 11.28.0 through 11.28.140 (fixed in 11.28.141), and 11.20.0 through 11.20.216 (fixed in 11.20.217).
CVE-2025-1976 affects Fabric OS versions 9.1.0 through 9.1.1d6. According to Broadcom, a flaw in IP address validation allows a local user who has been assigned the admin role to execute arbitrary code with full root privileges, so an operator account that should be confined to the Fabric OS management interface can instead run unauthorized commands or modify the operating system itself. Broadcom fixed the issue in Fabric OS 9.1.1d7, which closes the validation gap.
Although exploiting CVE-2025-1976 requires an account that already holds the admin role, the vulnerability has been exploited in the wild; the practical impact is that anyone who obtains switch admin credentials can escape the management shell and gain root on the switch. Details of the attacks, their scale, and the actors behind them have not been disclosed. Under the KEV directive, Federal Civilian Executive Branch (FCEB) agencies must apply the patches for the Commvault Web Server and Broadcom Brocade Fabric OS by May 17 and May 19, 2025, respectively.
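The following inventory checker is an added example written for this article; it is not code from CISA, Broadcom, or Commvault. It encodes the affected and fixed version ranges quoted above for both CVEs and flags which hosts in a constructed inventory still need patching. The Fabric OS version format (major.minor.maintenance plus an optional letter-and-number patch suffix such as "d6") is parsed so that 9.1.1d6 sorts below 9.1.1d7; how Brocade orders suffixes beyond that simple scheme is an assumption, and Commvault branches not listed in the advisory are reported as "not listed" rather than guessed at.

```python
import re
from typing import Optional, Tuple

# CVE-2025-1976 (Brocade Fabric OS): affected 9.1.0 through 9.1.1d6 inclusive,
# fixed in 9.1.1d7, per the Broadcom advisory cited in the article.
FOS_AFFECTED_LOW = "9.1.0"
FOS_AFFECTED_HIGH = "9.1.1d6"
FOS_FIXED = "9.1.1d7"

# CVE-2025-3928 (Commvault Web Server): feature release -> first fixed
# maintenance release, per the Commvault advisory cited in the article.
COMMVAULT_FIRST_FIXED = {
    (11, 36): 46,
    (11, 32): 89,
    (11, 28): 141,
    (11, 20): 217,
}

# Fabric OS versions look like "9.1.1d6": three numeric fields, optional
# patch letter, optional patch number.  (Assumption: letter then number
# is the complete suffix grammar; anything else is rejected loudly.)
_FOS_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")
_CV_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_fos(version: str) -> Tuple[int, int, int, int, int]:
    """Turn a Fabric OS version string into a tuple that sorts correctly.

    A bare release (9.1.1) sorts below its first patch (9.1.1a), and the
    patch letter is compared before the patch number, so 9.1.1d6 < 9.1.1d7.
    """
    m = _FOS_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {version!r}")
    major, minor, maint, letter, num = m.groups()
    letter_rank = (ord(letter) - ord("a") + 1) if letter else 0
    return (int(major), int(minor), int(maint), letter_rank, int(num) if num else 0)


def fos_vulnerable(version: str) -> bool:
    """True if the Fabric OS version is inside the CVE-2025-1976 affected range."""
    v = parse_fos(version)
    return parse_fos(FOS_AFFECTED_LOW) <= v <= parse_fos(FOS_AFFECTED_HIGH)


def commvault_vulnerable(version: str) -> Optional[bool]:
    """True/False for branches the advisory covers; None if the branch is not listed.

    None deliberately does not mean "safe": a branch the advisory does not
    mention should be checked against Commvault's own guidance.
    """
    m = _CV_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Commvault version: {version!r}")
    major, minor, build = (int(x) for x in m.groups())
    first_fixed = COMMVAULT_FIRST_FIXED.get((major, minor))
    if first_fixed is None:
        return None
    return build < first_fixed


def triage(product: str, version: str) -> str:
    """Map one inventory row to an action label for the KEV remediation deadline."""
    if product == "fabric-os":
        return "PATCH (CVE-2025-1976)" if fos_vulnerable(version) else "ok"
    if product == "commvault":
        state = commvault_vulnerable(version)
        if state is None:
            return "not listed in advisory; verify with vendor"
        return "PATCH (CVE-2025-3928)" if state else "ok"
    raise ValueError(f"unknown product: {product!r}")


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    inventory = [
        ("san-sw-01", "fabric-os", "9.1.1d6"),
        ("san-sw-02", "fabric-os", "9.1.1d7"),
        ("san-sw-03", "fabric-os", "9.0.1c"),
        ("backup-01", "commvault", "11.36.45"),
        ("backup-02", "commvault", "11.36.46"),
        ("backup-03", "commvault", "11.38.2"),
    ]
    for host, product, version in inventory:
        print(f"{host:<12} {product:<10} {version:<10} {triage(product, version)}")
```

Run it against a real export of switch and CommServe versions by replacing the constructed inventory list; the important design point is that an unlisted Commvault branch is surfaced for manual review rather than silently marked safe.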