Enterprise knowledge backup platform Commvault has revealed that an unknown nation-state menace actor breached its Microsoft Azure atmosphere by exploiting CVE-2025-3928 however emphasised there is no such thing as a proof of unauthorized knowledge entry.
“This exercise has affected a small variety of clients we have now in frequent with Microsoft, and we’re working with these clients to offer help,” the corporate said in an replace.
“Importantly, there was no unauthorized entry to buyer backup knowledge that Commvault shops and protects, and no materials influence on our enterprise operations or our capacity to ship services.”
In an advisory issued on March 7, 2025, Commvault mentioned it was notified by Microsoft on February 20 about unauthorized exercise inside its Azure atmosphere and that the menace actor exploited CVE-2025-3928 as a zero-day. It additionally mentioned it rotated affected credentials and enhanced safety measures.
The disclosure comes because the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added CVE-2025-3928 to its Recognized Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Government Department (FCEB) businesses to use the mandatory patches for Commvault Internet Server by Could 19, 2025.
To mitigate the danger posed by such assaults, clients are suggested to use a Conditional Entry coverage to all Microsoft 365, Dynamics 365, and Azure AD single-tenant app registrations, and rotate and sync shopper secrets and techniques between Azure portal and Commvault each 90 days.
The corporate can be urging customers to watch sign-in exercise to detect any entry makes an attempt originating from IP addresses outdoors of the allowlisted ranges. The next IP addresses have been related to malicious exercise –
- 108.69.148.100
- 128.92.80.210
- 184.153.42.129
- 108.6.189.53, and
- 159.242.42.20
“These IP addresses ought to be explicitly blocked inside your Conditional Entry insurance policies and monitored in your Azure sign-in logs,” Commvault said. “If any entry makes an attempt from these IPs are detected, please report the incident instantly to Commvault Assist for additional evaluation and motion.”
Source link