Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

May 1, 2025, 8:26 p.m.

Description

Commvault, an enterprise data backup platform, disclosed a breach of its Microsoft Azure environment by an unknown nation-state threat actor. The attackers exploited CVE-2025-3928 as a zero-day vulnerability, affecting a small number of customers that Commvault shares with Microsoft. Commvault emphasized that no unauthorized access to customer backup data occurred and that there was no material impact on business operations. The company has implemented security measures, including credential rotation and enhanced monitoring. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch affected systems. Commvault advised customers to apply Conditional Access policies, rotate client secrets, and monitor sign-in activity from specific IP addresses associated with malicious activity.

Date

  • Created: May 1, 2025, 8:13 p.m.
  • Published: May 1, 2025, 8:13 p.m.
  • Modified: May 1, 2025, 8:26 p.m.

Indicators

  • 184.153.42.129
  • 159.242.42.20
  • 128.92.80.210
  • 108.69.148.100
  • 108.6.189.53

Attack Patterns