CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
10.0
CVE-2025-34028 - Commvault Command Center Path Traversal Vulnerability -
Action Due May 23, 2025 Target Vendor : Commvault
Description :Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-34028
8.8
CVE-2025-3928 - Commvault Web Server Unspecified Vulnerability -
Action Due May 19, 2025 Target Vendor : Commvault
Description :Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html; https://www.commvault.com/blogs/notice-security-advisory-update; https://nvd.nist.gov/vuln/detail/CVE-2025-3928