Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

SUMMARY :

Commvault, an enterprise data backup platform, disclosed a breach in its Microsoft Azure environment by an unknown nation-state threat actor. The attackers exploited CVE-2025-3928 as a zero-day vulnerability, affecting a small number of shared customers with Microsoft. Commvault emphasized that no unauthorized access to customer backup data occurred and there was no material impact on business operations. The company has implemented security measures, including credential rotation and enhanced monitoring. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch affected systems. Commvault advised customers to apply Conditional Access policies, rotate client secrets, and monitor sign-in activity from specific IP addresses associated with malicious activity.

OPENCTI LABELS :

data breach,microsoft azure,cve-2025-3928,enterprise backup,azure ad,dynamics 365


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach