CISA Adds Actively Exploited Broadcom and Commvault Vulnerabilities to Critical Threat List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert involving two severe vulnerabilities now confirmed as actively exploited in real-world attacks. These flaws affect widely used infrastructure components—Broadcom’s Brocade Fabric OS and Commvault’s Web Server—and have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, marking them as urgent risks to national cybersecurity.

Two New Critical Vulnerabilities: A Breakdown

CISA’s advisory highlights two newly discovered and actively exploited vulnerabilities:

  • CVE-2025-1976 – Scored at 8.6 on the CVSS scale, this is a code injection vulnerability affecting Broadcom Brocade Fabric OS. It allows a local admin user to execute arbitrary code with root privileges, putting the entire system integrity at risk.

  • CVE-2025-3928 – With a CVSS score of 8.7, this flaw resides in the Commvault Web Server. It lets a remote attacker with valid credentials deploy and execute web shells, potentially leading to full system compromise.

The Commvault flaw demands three conditions for exploitation:

  1. The environment must be exposed to the internet.
  2. A previous compromise must have occurred to gain access.
  3. The attacker must use valid user credentials.

The vulnerability affects several Commvault software versions on both Windows and Linux:

  • 11.36.0 – 11.36.45 (fixed in 11.36.46)
  • 11.32.0 – 11.32.88 (fixed in 11.32.89)
  • 11.28.0 – 11.28.140 (fixed in 11.28.141)
  • 11.20.0 – 11.20.216 (fixed in 11.20.217)

Broadcom’s Fabric OS issue stems from a fault in IP address validation and affects versions 9.1.0 through 9.1.1d6. The vulnerability has been patched in version 9.1.1d7.

Although the flaw requires prior access to an admin-level account, it enables the attacker to execute any command supported by the operating system or even inject custom subroutines into the Fabric OS. Broadcom confirmed active exploitation of this vulnerability in environments where such access was available.

CISA has instructed federal agencies to patch:

  • Commvault Web Server by May 17, 2025
  • Broadcom Brocade Fabric OS by May 19, 2025

Despite public disclosure, technical details about the method of exploitation, the scale of attacks, or the identity of the threat actors remain unknown.

What Undercode Say:

This development underlines an increasingly frequent pattern in today’s cybersecurity landscape: severe but silent vulnerabilities, disclosed only after real-world exploitation has already begun.

Let’s examine what this incident tells us:

  1. Privilege escalation remains one of the most potent tools for attackers. In the Broadcom case, an attacker starting from an admin role can escalate their control to full root access—akin to giving a burglar not just the house keys, but also the blueprint and alarm codes.

  2. Credential theft is king in modern exploitation. Commvault’s flaw isn’t exploitable by unauthenticated users. But in a post-intrusion phase—after phishing, credential stuffing, or lateral movement—it becomes a deadly enabler.

  3. The vulnerabilities impact critical infrastructure technologies. Brocade Fabric OS is often found in enterprise storage and data center fabrics. A compromise here doesn’t just affect a single app—it potentially gives attackers reach into vast swathes of an enterprise’s internal network.

  4. The timeline of patching is tight. Given that both flaws are actively exploited and already embedded in KEV, federal agencies have been given less than a month to fully patch. This indicates the perceived severity and urgency at a national level.

  5. Attack surface management has become non-negotiable. If Commvault’s services weren’t internet-facing, or if admin access on Broadcom devices were better restricted, these vulnerabilities would not be exploitable—even if unpatched.

  6. This reflects a growing trend of “authenticated-only” vulnerabilities being used effectively in the wild. Often such flaws are dismissed as lower priority since they need access—but real-world attackers clearly have no trouble acquiring valid credentials.

  7. Broadcom’s flaw is particularly dangerous for persistent access. The ability to inject custom subroutines can potentially leave behind deep-rooted backdoors, surviving even system reboots or basic patching.

  8. No public IOCs (Indicators of Compromise) have been released, limiting defenders’ ability to retroactively detect breaches. This raises serious operational challenges for SOCs and blue teams.

  9. Security by obscurity continues to backfire. Both vendors disclosed only partial information. While this can sometimes delay copycat exploitation, it also slows down community-based detection and mitigation.

Organizations need to:

  • Immediately inventory systems running the affected Commvault and Broadcom versions.
  • Verify the exposure of these systems to the internet.
  • Implement multifactor authentication wherever possible.
  • Harden credentials by rotating passwords, especially for admin accounts.
  • Monitor for signs of suspicious shell activity and privilege escalations.
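The inventory step above and the affected version ranges listed earlier can be turned into a small triage check. The following is an added example written for this article, not code from Commvault, Broadcom or CISA; it assumes an inventory of (host, product, version) rows and that Fabric OS patch suffixes sort as no letter < letter, then by the trailing number (9.1.1 < 9.1.1d < 9.1.1d6 < 9.1.1d7).

```python
import re
from typing import Optional, Tuple

# Inclusive affected ranges and fixed builds, exactly as listed in the article.
COMMVAULT_RANGES = [("11.36.0", "11.36.45", "11.36.46"), ("11.32.0", "11.32.88", "11.32.89"),
                    ("11.28.0", "11.28.140", "11.28.141"), ("11.20.0", "11.20.216", "11.20.217")]
FABRIC_OS_RANGE = ("9.1.0", "9.1.1d6", "9.1.1d7")

def parse_commvault(version: str) -> Tuple[int, ...]:
    parts = version.strip().split(".")  # '11.32.50' -> (11, 32, 50)
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Commvault version: {version!r}")
    return tuple(int(p) for p in parts)

def parse_fabric_os(version: str) -> Tuple[int, int, int, str, int]:
    """'9.1.1d6' -> (9, 1, 1, 'd', 6). Assumed ordering: no letter < letter,
    then the trailing number numerically (9.1.1 < 9.1.1d < 9.1.1d6 < 9.1.1d7)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {version!r}")
    major, minor, patch, letter, num = m.groups()
    return (int(major), int(minor), int(patch), letter, int(num or 0))

def status(product: str, version: str) -> Tuple[bool, Optional[str], Optional[str]]:
    """(affected?, CVE, fixed build) for a Commvault or Fabric OS version string."""
    if product == "commvault":
        v = parse_commvault(version)
        for low, high, fixed in COMMVAULT_RANGES:
            if parse_commvault(low) <= v <= parse_commvault(high):
                return True, "CVE-2025-3928", fixed
    elif product == "fabric_os":
        low, high, fixed = FABRIC_OS_RANGE
        if parse_fabric_os(low) <= parse_fabric_os(version) <= parse_fabric_os(high):
            return True, "CVE-2025-1976", fixed
    else:
        raise ValueError(f"unknown product: {product!r}")
    return False, None, None

def triage(inventory):
    hits = []  # (host, CVE, fixed build) for every affected host
    for host, product, version in inventory:
        affected, cve, fixed = status(product, version)
        if affected:
            hits.append((host, cve, fixed))
    return hits

# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [("cv-backup-01", "commvault", "11.32.50"), ("cv-backup-02", "commvault", "11.36.46"),
                    ("san-switch-01", "fabric_os", "9.1.1d6"), ("san-switch-02", "fabric_os", "9.1.1d7")]
```

Running `triage(SAMPLE_INVENTORY)` flags cv-backup-01 and san-switch-01; the two hosts already on the fixed builds are not reported.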

This incident once again underscores that exploitation isn’t theoretical—if a vulnerability is serious, attackers will find it and use it, often long before the defenders are ready.

Fact Checker Results:

  • Active exploitation has been confirmed by both Broadcom and CISA.
  • Patches are available for all affected versions and should be applied without delay.
  • The vulnerabilities require valid credentials or admin-level access, confirming that access control and identity protection remain central to cyber defense.


References:

Reported By: thehackernews.com