CISA Commvault ZeroDay Flaw Risks Secrets

May 23, 2025

CISA issued an urgent advisory about ongoing cyber threats targeting Commvault’s cloud applications. These software-as-a-service (SaaS) applications are hosted in Microsoft Azure cloud environments. Threat actors have accessed sensitive client secrets for Commvault’s Metallic M365 backup solution, which gave them unauthorized access to customer M365 cloud environments. Commvault stores its vital application secrets within these specific customer M365 environments. CISA noted that this activity might be part of a much broader attack campaign. This wider campaign appears to be targeting various SaaS cloud providers, and it often exploits cloud infrastructures that have default configurations or elevated permissions.

This attack campaign primarily centers on exploiting the zero-day vulnerability CVE-2025-3928, a critical unspecified flaw in the Commvault Web Server software. It was initially discovered by security researchers in February 2025. Commvault confirmed that a nation-state threat actor breached its Microsoft Azure cloud environment. The actor exploited this flaw, which allows remote authenticated attackers to create and execute webshells. Multiple Commvault software versions are affected by this flaw; however, security patches are now available in the latest Commvault software versions. CISA added CVE-2025-3928 to its Known Exploited Vulnerabilities catalog in late April 2025. Federal agencies were mandated to apply the necessary patches by the May 19, 2025 deadline.

The successful exploitation of this flaw allowed attackers to access Metallic app client secrets, which in turn enabled their unauthorized entry into Commvault customers’ Microsoft 365 cloud environments. Commvault has publicly identified several malicious IP addresses associated with this attack. The company maintains that no customer backup data was compromised in this incident, and it states that its core business operations remain largely unaffected. However, this breach demonstrates sophisticated targeting of cloud service provider platforms, where attackers often aim to gain lateral access into valuable customer cloud environments. Commvault said the actor uses sophisticated techniques to try to gain M365 access. The company has taken several remedial actions, including rotating M365 app credentials.

CISA is recommending that users and administrators follow its comprehensive mitigation guidance and immediately implement the recommended security controls. Key recommendations include monitoring Microsoft Entra audit logs for any unauthorized credential modifications and implementing conditional access policies that restrict service principal authentication to approved IPs. Rotating application secrets used for Metallic applications between February and May 2025 is crucial. Organizations must also review various logs and conduct internal threat hunting for suspicious activity. Restricting access to Commvault management interfaces to trusted networks only is also advised. Deploying Web Application Firewalls can help detect path-traversal attempts and suspicious file uploads. CISA continues to investigate this malicious activity in collaboration with its partner organizations.
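One way to act on the audit-log recommendation above, as an added example that is not part of the original article or CISA's guidance: a small hunt over exported Entra audit records that flags credential changes made inside the February to May 2025 window by identities not on an allowlist. The allowlist, account names, application names and sample records are constructed, and the records are assumed to follow the Microsoft Graph directoryAudit shape.

```python
import json
from datetime import datetime, timezone

# Substrings of Entra audit activityDisplayName that indicate a credential change.
CREDENTIAL_ACTIVITIES = ("service principal credentials",
                         "certificates and secrets management")
# Hypothetical allowlist of identities expected to manage app secrets.
APPROVED_INITIATORS = {"secrets-rotation@contoso.example"}
# Review window taken from the advisory: February through May 2025 (UTC).
WINDOW = (datetime(2025, 2, 1, tzinfo=timezone.utc),
          datetime(2025, 6, 1, tzinfo=timezone.utc))

# Constructed sample records, shaped like Microsoft Graph directoryAudit entries.
SAMPLE_LOG = """[
 {"activityDateTime": "2025-03-14T09:12:44Z", "activityDisplayName": "Add service principal credentials",
  "initiatedBy": {"user": {"userPrincipalName": "helpdesk7@contoso.example", "ipAddress": "203.0.113.50"}},
  "targetResources": [{"displayName": "Backup Connector (sample)"}]},
 {"activityDateTime": "2025-04-02T01:00:03Z", "activityDisplayName": "Update application – Certificates and secrets management ",
  "initiatedBy": {"user": {"userPrincipalName": "secrets-rotation@contoso.example", "ipAddress": "198.51.100.10"}},
  "targetResources": [{"displayName": "Backup Connector (sample)"}]},
 {"activityDateTime": "2025-03-20T11:30:00Z", "activityDisplayName": "Add user",
  "initiatedBy": {"user": {"userPrincipalName": "helpdesk7@contoso.example"}}, "targetResources": []},
 {"activityDateTime": "2024-12-01T08:00:00Z", "activityDisplayName": "Add service principal credentials",
  "initiatedBy": {"app": {"displayName": "Legacy Sync (sample)"}}, "targetResources": []}
]"""

def initiator(record):
    """Return the user principal name or app name that performed the action."""
    by = record.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def find_unapproved_credential_changes(records):
    """Flag in-window credential changes made by initiators not on the allowlist."""
    findings = []
    for rec in records:
        activity = (rec.get("activityDisplayName") or "").lower()
        if not any(name in activity for name in CREDENTIAL_ACTIVITIES):
            continue
        # Keep whole seconds only; Graph timestamps are UTC and may carry fractions.
        when = datetime.strptime(rec["activityDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        if not WINDOW[0] <= when.replace(tzinfo=timezone.utc) < WINDOW[1]:
            continue
        who = initiator(rec)
        if who not in APPROVED_INITIATORS:
            targets = [t.get("displayName") for t in rec.get("targetResources") or []]
            findings.append({"time": rec["activityDateTime"], "initiator": who, "targets": targets})
    return findings

def run_on_sample():
    return find_unapproved_credential_changes(json.loads(SAMPLE_LOG))

if __name__ == "__main__":
    for finding in run_on_sample():
        print(finding)
```

Each finding is a lead for review rather than proof of compromise; the initiator's source IP in the same record can then be compared against the addresses approved for service principal authentication.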

Reference:

  • CISA Warns Commvault Cloud Breach Exposes Microsoft 365 Secrets