The ongoing exploitation of a Commvault vulnerability that was targeted as a zero-day is likely part of a broader campaign against software-as-a-service (SaaS) solutions, the US cybersecurity agency CISA says.
Tracked as CVE-2025-3928 (CVSS score of 8.7), the unspecified security defect allows remote attackers to create and execute webshells, fully compromising vulnerable instances.
https://www.securityweek.com/companies- ... loitation/