The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with new additions, highlighting active exploitation of critical vulnerabilities in Commvault Web Server, Broadcom Brocade Fabric OS, and Qualitia Active! Mail. These vulnerabilities present significant risks to affected systems and underline the urgency of applying mitigation measures.
1. Commvault Web Server Vulnerability (CVE-2025-3928)
Overview
This vulnerability enables remote, authenticated attackers to execute malicious web shells on vulnerable systems, leading to remote code execution (RCE).
Affected Versions
Commvault Web Server running:
- 11.36.0 – 11.36.45 (Patch: 11.36.46).
- 11.32.0 – 11.32.88 (Patch: 11.32.89).
- 11.28.0 – 11.28.140 (Patch: 11.28.141).
- 11.20.0 – 11.20.216 (Patch: 11.20.217).
Exploitation Details
- Requires valid credentials to exploit via internet-exposed interfaces.
- Can lead to the establishment of web shells for persistent and unauthorized system access.
Mitigation Deadline
FCEB agencies must patch systems by May 17, 2025.
2. Broadcom Brocade Fabric OS Vulnerability (CVE-2025-1976)
Overview
This code injection vulnerability enables administrative users to gain root privileges by injecting arbitrary commands into the Fabric OS environment.
Affected Versions
Broadcom Brocade Fabric OS versions:
- 9.1.0 through 9.1.1d6 (Patch: 9.1.1d7).
Exploitation Details
- Attackers with local administrative access can modify core system functions and compromise system integrity.
Mitigation Deadline
FCEB agencies must patch systems by May 19, 2025.
3. Qualitia Active! Mail Vulnerability (CVE-2025-42599)
Overview
A stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending specially crafted emails to vulnerable mail servers.
Affected Versions
Qualitia Active! Mail running:
- Versions prior to 5.8.3.
Exploitation Details
- Exploitation involves sending malformed email messages that overflow server buffers, granting attackers full control.
Mitigation Deadline
FCEB agencies must patch systems by May 20, 2025.
Implications and Risks
- Remote Code Execution (RCE): Enables unauthorized control of systems for Commvault and Qualitia vulnerabilities.
- Privilege Escalation: Broadcom Fabric OS vulnerability allows administrative users to gain root access.
- Operational Disruption: Exploitation may lead to downtime, data theft, and compromised system functionality.
Recommendations
Organizations are strongly advised to:
- Apply Available Patches Immediately: Ensure all affected systems are updated to mitigate active exploitation risks.
- Restrict Exposure: Limit access to vulnerable interfaces to trusted IP addresses only.
- Monitor Activity: Use Intrusion Detection Systems (IDS) and conduct audits to detect exploitation attempts.
