Hackers on the Loose: New Security Flaws in Broadcom and Commvault Under Attack!
CISA adds two high-severity flaws to its Known Exploited Vulnerabilities catalog. Broadcom Brocade Fabric OS and Commvault Web Server vulnerabilities are actively exploited, with one requiring administrative privileges and the other needing authenticated user credentials. Federal agencies must patch these flaws by mid-May.
Hot Take:
Well, it looks like hackers have been busy bees, exploiting vulnerabilities in Broadcom and Commvault like they’re going out of style. If only they channeled that energy into something less nefarious, like starting a band or perfecting the art of sourdough. But alas, here we are, with CISA once again swooping in like a digital superhero to save the day. Patch those systems, folks, or you might end up with more than just egg on your face!
Key Points:
- CISA has added vulnerabilities in Broadcom Brocade Fabric OS and Commvault Web Server to its KEV catalog due to active exploitation.
- CVE-2025-1976 allows local admin users to execute arbitrary code with root privileges on Broadcom systems.
- CVE-2025-3928 lets remote attackers execute web shells on Commvault servers if they have authenticated credentials.
- Broadcom’s flaw has been fixed in Fabric OS version 9.1.1d7, while Commvault’s issues are patched in various versions.
- FCEB agencies are advised to patch by mid-May 2025.