Commvault, a well-known company that helps other businesses protect and manage their digital data, recently shared that it had experienced a cyberattack. However, the company clarified that none of the backup data it stores for customers was accessed or harmed during the incident.
The breach was discovered in February 2025 after Microsoft alerted Commvault about suspicious activity taking place in its Azure cloud services. After being notified, the company began investigating the issue and found that a very small group of customers had been affected. Importantly, Commvault stated that its systems remained up and running, and there was no major impact on its day-to-day operations.
Danielle Sheer, Commvault’s Chief Trust Officer, said the company is confident that hackers were not able to view or steal customer backup data. She also confirmed that Commvault is cooperating with government cybersecurity teams, including the FBI and CISA, and is receiving support from two independent cybersecurity firms.
Details About the Vulnerability
It was discovered that the attackers gained access by using a weakness in Commvault’s web server software. This flaw, now fixed, allowed hackers with limited permissions to install harmful software on affected systems. The vulnerability, known by the code CVE-2025-3928, had not been known or patched before the breach, making it what experts call a “zero-day” issue.
Because of the seriousness of this bug, CISA (Cybersecurity and Infras
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.