// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
ColdRecon / Breach Radar / Commvault
Breach Record

Commvault

DISCLOSED 2025-04-30 · UNPATCHED CVE

Commvault experienced a breach by a nation-state actor who exploited a zero-day vulnerability (CVE-2025-3928) in its Web Server software to plant webshells. The incident affected a small number of customers but did not compromise backup data. Commvault is working with cybersecurity firms and authorities, and CISA has added the CVE to its Known Exploited Vulnerabilities Catalog.

The record

What we know

Disclosed
2025-04-30
Attack vector
Unpatched Cve
Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the Commvault disclosure. It updates if new public reporting emerges. All tracked breaches →

Commvault just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →