
29 April 2025

Critical Vulnerabilities in Broadcom Brocade and Commvault: What You Need to Know

Introduction

New Threats Added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog

CISA added CVE-2025-1976 and CVE-2025-3928 to its KEV catalog on 28 April 2025. A KEV listing is not a theoretical severity rating: CISA adds an entry only when it has reliable evidence that the flaw is being exploited in the wild, so the question is no longer whether attackers know how to use these bugs but whether your systems are still exposed to them.
Organizations running Broadcom Brocade Fabric OS or the Commvault Web Server should treat patching as urgent. Note the difference in attack surface between the two: the Brocade flaw requires an account that already holds admin rights on the switch, while the Commvault flaw is reachable over the network by anyone holding valid credentials for the Web Server. If your systems run any affected versions, patching is no longer optional.

Key Insights Into the Vulnerabilities

1. CVE-2025-1976 — Broadcom Brocade Fabric OS

  • CVSS Score: 8.6 (High severity, as rated by Broadcom)
  • Risk: A flaw in IP address validation in Fabric OS lets a local user who already holds an admin-role account execute arbitrary code with full root privileges. The admin role in Fabric OS normally lands in a restricted switch CLI, so this is an escape from that confined shell to the underlying operating system, not a remote, unauthenticated attack.
  • Impact: With root on the switch an attacker can modify Fabric OS itself, install backdoors or other subversive files, and run arbitrary commands on the device. Because Fabric OS runs Brocade’s Fibre Channel SAN switches and directors, that means control over zoning and the fabric that carries storage traffic: paths can be redirected, hosts can be cut off from their storage, and the switch becomes a persistent foothold in the data center that few endpoint tools ever look at.
  • Affected Versions: Broadcom’s advisory lists Fabric OS 9.1.0 through 9.1.1d6 as affected; check the advisory for any other release trains you run rather than assuming they are safe.
  • Solution: Upgrade to Fabric OS 9.1.1d7 or later. Confirm the running version on every switch from the Fabric OS CLI (the firmwareshow or version commands) rather than trusting inventory records, and review which accounts hold the admin role, since that is exactly the access level the bug requires.

Why This Is Dangerous: Fabric OS sits underneath the storage layer of the data center. A switch compromised at root level can redirect or disrupt traffic between servers and their storage, expose data in transit, or take key business applications offline by removing their storage paths. Such vulnerabilities do not just affect an isolated box; a single SAN switch serves every workload that depends on that fabric.

2. CVE-2025-3928 — Commvault Web Server

  • CVSS Score: 8.7 (High severity)
  • Risk: A remote attacker holding valid Commvault Web Server credentials can create and execute web shells on the server, which amounts to arbitrary code execution on the host.
  • Impact: Backup infrastructure is a high-value target. The Commvault server holds credentials to, and copies of, most other systems, so an attacker who lands there can exfiltrate data, delete or encrypt backups ahead of a ransomware deployment, or keep a quiet foothold for later. The credential requirement is a weak barrier in practice; it is routinely satisfied with phished, reused or previously leaked passwords, which is why authentication hygiene matters here.
  • Mitigation: Commvault has fixed the flaw in the maintenance releases below. Every version in the same train below the fixed release, back to the start of that train, is affected:
  • 11.36.0 through 11.36.45: upgrade to 11.36.46
  • 11.32.0 through 11.32.88: upgrade to 11.32.89
  • 11.28.0 through 11.28.140: upgrade to 11.28.141
  • 11.20.0 through 11.20.216: upgrade to 11.20.217

Important Note: Exploitation requires valid credentials, but that is not a reason to wait. While the upgrade is being scheduled, organizations should immediately:

  • Enforce Multi-Factor Authentication (MFA) on every account that can log in to the Web Server.
  • Review the Web Server’s user list for accounts you do not recognise, rotate the credentials of service and integration accounts, and limit administrator privileges to the people who need them.
  • Restrict network access to the Web Server’s HTTP(S) ports to management networks and known clients, since the attack is carried out remotely.

Why These Vulnerabilities Matter

Supply Chain Risks

Broadcom Brocade and Commvault products are widely used across critical infrastructure sectors, including healthcare, financial services, manufacturing and telecommunications, and both sit at points where a single compromise has a wide blast radius. A backup server holds credentials for, and copies of, the systems it protects; a SAN switch carries the storage traffic of every workload on the fabric. An attacker who gains a foothold in either can reach many other systems in the environment, and where that environment is itself a supplier or service provider, the exposure extends to its customers and partners as well.

Active Exploitation in the Wild

Both vulnerabilities are being exploited, as confirmed by CISA’s addition of them to the KEV catalog. Real-world exploitation means organizations cannot afford to delay patching: even if you are not currently targeted, an unpatched system is one scan away from becoming a victim.
Although CISA has not shared full technical details, the KEV listing should be warning enough to prioritize these patches. Attackers use automated tooling to find and exploit known vulnerabilities at scale, which is why timely patching and configuration updates are critical to staying ahead of them.

Digitalert’s Perspective: Proactive Defense Is the Only Defense

At Digitalert, we’ve observed a staggering 40% increase in attacks targeting legacy software vulnerabilities in 2025 alone. These attacks often rely on automated scripts that are highly efficient, meaning organizations that delay patching face severe risks. Vulnerabilities like CVE-2025-1976 and CVE-2025-3928 show why proactive defense strategies must be implemented immediately.
Based on our extensive field experience and threat intelligence, we recommend the following actions:

1. Audit Systems
Build a complete inventory of every system running Broadcom Brocade Fabric OS or the Commvault Web Server, and confirm the version actually running on each rather than the version your CMDB says it runs. Identify every installation in an affected range (Fabric OS 9.1.0 through 9.1.1d6; Commvault 11.20, 11.28, 11.32 and 11.36 below the fixed maintenance release) and begin patching as soon as possible. Include the switches and backup servers that sit outside the normal patch cycle; those are the ones most often found still vulnerable months later.
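One way to turn the audit step into a repeatable check, as an added example that is not part of the original post or of either vendor’s tooling: the script below classifies each inventory row against the affected and fixed versions quoted above for both advisories. The ordering of Fabric OS patch letters and sub-patch numbers (9.1.1 < 9.1.1a < ... < 9.1.1d6 < 9.1.1d7) is an assumption about Brocade’s version notation, release trains outside 9.1.x and the Commvault trains not named in the advisory are reported as out of range rather than guessed at, and the inventory rows are constructed sample data.

```python
"""Version-exposure check for CVE-2025-1976 (Brocade Fabric OS) and
CVE-2025-3928 (Commvault Web Server).  Added example: the affected and
fixed versions are the ones quoted from the vendor advisories; the
inventory rows are constructed sample data, not real hosts."""
import re
from typing import Dict, List, Tuple

# Broadcom: Fabric OS 9.1.0 through 9.1.1d6 affected, fixed in 9.1.1d7.
FOS_LAST_AFFECTED = "9.1.1d6"

# Commvault: per 11.x maintenance train, the first fixed maintenance
# release; everything below it in the same train is affected.
COMMVAULT_FIRST_FIXED = {36: 46, 32: 89, 28: 141, 20: 217}

_FOS_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")


def fos_key(version: str) -> Tuple[int, int, int, int, int]:
    """Map a Fabric OS version such as 'v9.1.1d6' to a sortable tuple.
    Assumption about FOS notation: the bare release (9.1.1) precedes its
    lettered patches (9.1.1a < 9.1.1b ...), and a trailing number orders
    sub-patches within a letter (9.1.1d < 9.1.1d1 < ... < 9.1.1d7)."""
    m = _FOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {version!r}")
    major, minor, patch, letter, sub = m.groups()
    return (int(major), int(minor), int(patch),
            ord(letter) - ord("a") + 1 if letter else 0,
            int(sub) if sub else 0)


def assess_fos(version: str) -> str:
    """Classify a Fabric OS version against the CVE-2025-1976 advisory."""
    key = fos_key(version)
    if key[:2] != (9, 1):
        # 9.0.x, 8.2.x, 9.2.x ...: not in the range quoted above; confirm
        # with Broadcom rather than assuming either way.
        return "NOT_IN_ADVISORY_RANGE"
    return "VULNERABLE" if key <= fos_key(FOS_LAST_AFFECTED) else "PATCHED"


def assess_commvault(version: str) -> str:
    """Classify a Commvault version against the CVE-2025-3928 advisory."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised Commvault version: {version!r}")
    major, train, maint = (int(x) for x in m.groups())
    if major != 11 or train not in COMMVAULT_FIRST_FIXED:
        return "NOT_IN_ADVISORY_RANGE"
    return "VULNERABLE" if maint < COMMVAULT_FIRST_FIXED[train] else "PATCHED"


ASSESSORS = {"fabric_os": assess_fos, "commvault": assess_commvault}


def assess_inventory(rows: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """rows: (hostname, product, version).  Returns hostname -> status."""
    return {host: ASSESSORS[product](ver) for host, product, ver in rows}


# Constructed sample inventory (made-up hostnames and versions).
SAMPLE_INVENTORY = [
    ("san-sw-01", "fabric_os", "v9.1.1d6"),
    ("san-sw-02", "fabric_os", "9.1.1d7"),
    ("san-sw-03", "fabric_os", "9.1.0b"),
    ("san-dir-01", "fabric_os", "9.0.1c"),
    ("cv-web-01", "commvault", "11.36.45"),
    ("cv-web-02", "commvault", "11.32.89"),
    ("cv-web-03", "commvault", "11.20.210"),
    ("cv-web-04", "commvault", "11.40.3"),
]

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Feed it the output of firmwareshow from each switch and the Commvault version from each Web Server; anything reported as NOT_IN_ADVISORY_RANGE still needs a human to check the vendor advisory, because the script deliberately refuses to guess about trains the advisory does not name.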

2. Isolate Critical Assets
If you cannot patch immediately, reduce the paths an attacker has to the vulnerable system. For Fabric OS switches the exposure is the admin account itself, so restrict switch management access (SSH and HTTPS) to the management network and cut the list of admin-role accounts down to essential personnel. For Commvault, limit which networks and clients can reach the Web Server at all. In both cases watch the traffic to and from these systems closely; backup servers and fabric switches have predictable communication patterns, so new peers or new protocols stand out.

3. Monitor for Anomalous Activity

Patched or not, check whether the systems were already reached. Look for:

  • Unexpected administrative activity or login attempts: new admin-role accounts on switches, Commvault logins from unfamiliar addresses or at unusual hours, and repeated failed logins followed by a success.
  • Web shell artifacts on Commvault Web Servers: new or modified script files (for example .jsp or .aspx) under the web server’s document root, and shell or script interpreters spawned as child processes of the web server process.
  • Unusual traffic from fabric switches or backup servers: outbound connections to new destinations, or management traffic from a switch that should only ever be managed, never initiate.

Deploy enhanced logging and real-time alerting on these systems so that exploitation attempts are seen when they happen rather than weeks later.
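The web shell sweep from the second bullet, as an added example that is not part of the original post or of Commvault’s own tooling: the script walks a document root, flags server-side script files whose content matches command-execution patterns, and separately flags script files modified after a baseline timestamp such as the last known-good deployment. The extension list and the pattern set are assumptions for the demonstration rather than a published indicator list, the webroot path is whatever you point it at, and the sample files it scans are constructed in a temporary directory.

```python
"""Web-shell artifact sweep over a web server document root.  Added
example, not Commvault tooling: the script extensions, patterns and the
sample files below are constructed for the demonstration."""
import os
import re
import tempfile
import time
from typing import Dict, List, Optional

# Server-side script types a dropped shell needs in order to be executed.
SCRIPT_EXTENSIONS = {".jsp", ".jspx", ".aspx", ".ashx", ".asmx", ".php"}

# Content markers typical of command-execution shells (assumed set, not a
# vendor IOC list; tune to your stack and expect some triage).
SUSPICIOUS_PATTERNS = {
    "java_exec": re.compile(r"Runtime\.getRuntime\(\)\.exec|ProcessBuilder"),
    "dotnet_exec": re.compile(r"System\.Diagnostics\.Process|Process\.Start"),
    "php_exec": re.compile(r"\b(?:shell_exec|passthru|system|popen)\s*\(", re.I),
    "eval": re.compile(r"\beval\s*\(", re.I),
    "request_param_to_cmd": re.compile(
        r"(?:getParameter|Request(?:\.Form|\.QueryString|\[))\s*[\(\[]?\s*"
        r"[\"'](?:cmd|c|exec|command)[\"']", re.I),
    "lolbin": re.compile(r"cmd\.exe|powershell(?:\.exe)?|/bin/(?:ba)?sh", re.I),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}


def scan_webroot(root: str, modified_after: Optional[float] = None) -> List[Dict]:
    """Walk `root`; return one finding per script file that matches a
    suspicious pattern or was modified after the `modified_after` epoch
    baseline.  A finding whose only reason is the mtime is marked for
    review rather than high confidence: legitimate upgrades touch files too."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    body = fh.read()
                mtime = os.stat(path).st_mtime
            except OSError:
                continue
            reasons = [label for label, pat in SUSPICIOUS_PATTERNS.items()
                       if pat.search(body)]
            if modified_after is not None and mtime > modified_after:
                reasons.append("modified_after_baseline")
            if reasons:
                content_hit = any(r != "modified_after_baseline" for r in reasons)
                findings.append({
                    "path": os.path.relpath(path, root).replace(os.sep, "/"),
                    "reasons": sorted(reasons),
                    "confidence": "high" if content_hit else "review",
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_webroot() -> str:
    """Create a throwaway directory of constructed files: two legitimate
    pages (one old, one recently redeployed), static assets, and two
    planted shells.  Returns the directory path."""
    root = tempfile.mkdtemp(prefix="cv_webroot_")
    old = time.time() - 30 * 86400  # pretend these shipped a month ago
    files = {
        "index.jsp": ('<%@ page contentType="text/html" %>\n'
                      "<html><body>Welcome</body></html>\n", old),
        "login.jsp": ('<%@ page contentType="text/html" %>\n'
                      '<html><body><form method="post">Login</form></body></html>\n', None),
        "static/app.js": ("document.title = 'console';\n", old),
        "logo.png": ("not really a png", old),
        "css/help.jsp": ('<%@ page import="java.io.*" %>\n'
                         '<% String c = request.getParameter("cmd");\n'
                         "   Process p = Runtime.getRuntime().exec(c); %>\n", None),
        "tmp/diag.aspx": ('<%@ Page Language="C#" %>\n'
                          '<% System.Diagnostics.Process.Start("cmd.exe", "/c " + Request["c"]); %>\n', None),
    }
    for rel, (body, mtime) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        if mtime is not None:
            os.utime(path, (mtime, mtime))
    return root


def run_demo() -> List[Dict]:
    """Scan the constructed webroot with a baseline of one week ago."""
    baseline = time.time() - 7 * 86400  # assumed last known-good deployment
    return scan_webroot(build_sample_webroot(), modified_after=baseline)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['confidence']:6} {f['path']:16} {', '.join(f['reasons'])}")
```

Run it against the real document root with a baseline taken from your last deployment record; the two planted files come back as high-confidence findings, while the recently redeployed login page is listed only for review, which is the distinction an analyst needs when an upgrade and an intrusion may have touched the same directory in the same week.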

CISA Compliance Deadlines

Under Binding Operational Directive 22-01, federal civilian agencies must remediate KEV entries by the date CISA sets for each. For these two vulnerabilities the deadlines are:

  • CVE-2025-1976 (Broadcom Brocade): May 17, 2025
  • CVE-2025-3928 (Commvault): May 19, 2025

Private sector organizations should align with these deadlines as well. Delays in patching could expose your organization to regulatory scrutiny or legal liability in the event of a breach. Meeting these deadlines is not only a compliance issue—it’s essential to mitigate the risks posed by these critical vulnerabilities.

Conclusion: Act Now Before It’s Too Late

The cybersecurity landscape in 2025 is unforgiving. Attackers are leveraging automated tools to exploit vulnerabilities like CVE-2025-1976 and CVE-2025-3928 at a rapid pace. Organizations must act fast to patch systems, harden authentication mechanisms, and monitor networks for suspicious activity.
Remember: Cybersecurity isn’t just about technology—it’s about resilience. Every unpatched system is a potential entry point for attackers. By patching now and implementing proactive defense strategies, you can significantly reduce your organization’s risk exposure.

Is Your Organization Exposed?

At Digitalert, we specialize in helping enterprises close vulnerabilities before they become breaches. Need a vulnerability assessment?

  1. Want advice on patch prioritization or threat monitoring?
  2. Contact us for a free consultation and share your patch management challenges.

👉 Stay updated with real-time threat intelligence—follow Digialert and VinodSenthil on LinkedIn.
