Main Menu
,

CISA Flags Broadcom, CommVault, and Active! Mail Vulnerabilities as Actively Exploited

CISA adds Broadcom, CommVault, and Active! Mail vulnerabilities to KEV catalog following active exploitation reports, urging immediate patching by enterprise and critical infrastructure operators.
Facebook Twitter Youtube Linkedin
CISA Flags Broadcom, CommVault, and Active! Mail Vulnerabilities as Actively Exploited
Table of Contents
    Add a header to begin generating the table of contents

    CISA Adds Three New Actively Exploited Flaws to KEV Catalog

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include critical flaws in:

    • Broadcom Brocade Fabric OS
    • CommVault web servers
    • Qualitia Active! Mail clients

    Two of these flaws, in Broadcom and CommVault products, were not previously classified as exploited.

    Broadcom Brocade Fabric OS Vulnerability (CVE-2025-1976)

    Broadcom has confirmed active exploitation of a code execution flaw in Brocade Fabric OS, which manages Fibre Channel switches used in storage area networks (SAN).

    The vulnerability affects versions 9.1.0 to 9.1.1d6 and is tracked as CVE-2025-1976. It allows attackers with admin-level access to run arbitrary commands and alter the OS.

    “This vulnerability can allow the user to execute any existing Fabric OS command or can also be used to modify the Fabric OS itself,” Broadcom stated.

    Even though admin privileges are required, the flaw has been seen exploited in real-world attacks.

    The issue was resolved in version 9.1.1d7. Broadcom notes that the 9.2.0 release is not affected.

    CommVault Web Server Flaw (CVE-2025-3928)

    CISA also flagged CVE-2025-3928, a flaw in CommVault web servers, which are used for enterprise backup and recovery.

    Although the vulnerability requires authenticated access and exposure to the internet, attackers have been exploiting it to plant webshells on servers.

    The vulnerability was patched in the following versions:

    • 11.36.46
    • 11.32.89
    • 11.28.141
    • 11.20.217

    Fixes were issued for both Windows and Linux platforms.

    Active! Mail Client Exploitation (CVE-2025-42599)

    The third flaw, CVE-2025-42599, is a stack-based buffer overflow in Active! Mail, a webmail client widely deployed by financial and government entities in Japan.

    It affects all versions up to BuildInfo: 6.60.05008561 across all operating systems.

    The vulnerability was flagged last week by Japan’s CERT, and several ISPs and SMB providers confirmed outages tied to its exploitation.

    Trending
    Hitachi Vantara Takes Servers Offline Following Akira Ransomware Attack
    Vulnerability Alert – 30th April, 2025
    Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
    MTN Ghana Data Breach Impacts 5,700 Customers, Investigation Underway
    SK Telecom Offers Free SIM Replacements After Malware Breach Impacts USIM Data
    M&S Cyberattack Halts Online Sales, Triggers Major Financial Impact
    The Silent Majority: Why 51% of Internet Traffic Is Now Bots
    From 1,382 to 4 Million: What VeriSource Didn’t Know (or Say)
    Actively Exploited: Commvault Web Shells, Active! mail RCE, and Brocade Code Injection Now in KEV
    Over 1,200 SAP NetWeaver Servers Exposed to Actively Exploited Critical Vulnerability

    Daily Briefing Newsletter

    Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

    Related Posts

    LayerX Secures $45M Total to Battle Data Leaks, One Browser at a Time

    AirBorne: How a Zero-Click Bug Threatens Millions of Apple and Third-Party Devices

    $10.5M to Fight AI-Phishing: The Rise of Pistachio’s Cybersecurity Training Platform

    Hitachi Vantara Takes Servers Offline Following Akira Ransomware Attack

    Hitachi Vantara Takes Servers Offline Following Akira Ransomware Attack

    Vulnerability Alert - 30th April, 2025

    Vulnerability Alert – 30th April, 2025

    Fighting AI with AI Using Artificial Intelligence to Strengthen Enterprise Cybersecurity

    Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity