CISA Warns of Actively Exploited Brocade, Commvault, and Qualitia Active! Mail Vulnerabilities (CVE-2025-1976, CVE-2025-3928, and CVE-2025-42599)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about two high-severity vulnerabilities impacting Broadcom Brocade Fabric OS and Commvault Web Server. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users to patch them before May 19, 2025.

CVE-2025-1976: Brocade Fabric OS Code Injection Vulnerability

An attacker must have valid access to a role with admin privileges. The improper IP address validation flaw may allow a local user with a pre-defined admin role, or a user-defined role with admin-level privileges, to execute arbitrary code with full root-level access. The vulnerability can allow the user to run any existing Fabric OS command, or it can be used to modify Fabric OS itself, including adding their own subroutines.

CVE-2025-3928: Commvault Web Server Unspecified Vulnerability

An attacker must have authenticated user credentials within the Commvault Software environment to exploit the vulnerability. Unauthenticated access is not exploitable. An attacker may exploit the vulnerability to create and execute webshells.

For software customers, the vulnerability is exploitable when the instance is

  1. accessible via the internet
  2. compromised through an unrelated avenue
  3. accessed by leveraging legitimate user credentials

CVE-2025-42599: Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability

A remote attacker may exploit the stack-based buffer overflow vulnerability by sending a crafted request. Upon successful exploitation, an attacker can execute arbitrary code or cause a denial of service (DoS).

Affected Versions

CVE-2025-1976:

The vulnerability affects Brocade Fabric OS versions 9.1.0 through 9.1.1d6.

CVE-2025-3928:

The vulnerability affects the following Commvault Windows and Linux versions:

  • 11.36.0 through 11.36.45
  • 11.32.0 through 11.32.88
  • 11.28.0 through 11.28.140
  • 11.20.0 through 11.20.216

CVE-2025-42599:

The vulnerability affects Active! Mail 6 BuildInfo 6.60.0500856 and older versions.

Mitigation

CVE-2025-1976:

Users must upgrade to the Brocade Fabric OS version 9.1.1d7 to patch the vulnerability.

For more information, please refer to the Broadcom Security Advisory (BSA-2025-2930).

CVE-2025-3928:

Users must upgrade to the following versions to patch the vulnerability:

  • 11.36.46
  • 11.32.89
  • 11.28.141
  • 11.20.217

For more information, please refer to the Commvault Security Advisory.

CVE-2025-42599:

Users must upgrade to Active! Mail 6 BuildInfo 6.60.06008562 to patch the vulnerability.

For more information, please refer to the Qualitia Security Advisory.
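To turn the affected and fixed version lists above into a quick inventory check, here is an added Python example; it is not code from Qualys or from any of the three vendors. The product keys, the sample inventory, and the assumption that a Fabric OS letter suffix (9.1.1 < 9.1.1d6 < 9.1.1d7) and an Active! Mail BuildInfo number compare as ordinary dotted numerics are all constructed for illustration.

```python
import re

# Affected ranges (inclusive) and fixed builds exactly as listed in the advisory above.
# Product keys are constructed labels for this example.
AFFECTED = {
    "commvault": [
        ("11.36.0", "11.36.45", "11.36.46"),
        ("11.32.0", "11.32.88", "11.32.89"),
        ("11.28.0", "11.28.140", "11.28.141"),
        ("11.20.0", "11.20.216", "11.20.217"),
    ],
    "fabric_os": [("9.1.0", "9.1.1d6", "9.1.1d7")],
    # "6.60.0500856 and older": lower bound 0 stands in for "any earlier build".
    "active_mail": [("0", "6.60.0500856", "6.60.06008562")],
}


def parse_version(version: str) -> tuple:
    """Turn '11.36.45', '6.60.0500856' or Fabric OS style '9.1.1d6' into a comparable tuple."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z])?(\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers, letter, suffix = m.groups()
    parts = [int(p) for p in numbers.split(".")]
    parts += [0] * (4 - len(parts))  # pad so 9.1.0 and 9.1.1d6 compare field by field
    # Assumption: a letter suffix ranks above the bare release (9.1.1 < 9.1.1d6 < 9.1.1d7).
    return tuple(parts) + (ord(letter) if letter else 0, int(suffix) if suffix else 0)


def check(product: str, version: str):
    """Return (is_affected, fixed_version_or_None) for one product/version pair."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED[product]:
        if parse_version(low) <= v <= parse_version(high):
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("san-switch-01", "fabric_os", "9.1.1d6"),
                 ("backup-cs-01", "commvault", "11.32.88"),
                 ("mail-gw-01", "active_mail", "6.60.06008562")]
    for host, product, version in inventory:
        affected, fixed = check(product, version)
        print(f"{host}: {product} {version} -> "
              + (f"AFFECTED, upgrade to {fixed}" if affected else "not affected"))
```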

Qualys Detection

Qualys customers can scan their devices with QID 38981 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.qualitia.com/jp/news/2025/04/18_1030.html
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602
