The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities affecting Broadcom, Commvault, and Qualitia to its Known Exploited Vulnerabilities (KEV) catalog, according to SecurityWeek. These flaws, recently patched by vendors, are now being actively exploited in the wild, prompting urgent guidance for organizations to update affected systems immediately.

In Broadcom’s Brocade Fabric OS, the vulnerability tracked as CVE-2025-1976 allows attackers with admin-level privileges to run arbitrary code as root. The flaw stems from improper IP address validation and affects versions 9.1.0 through 9.1.1d6. An attacker exploiting this issue could modify the Fabric OS itself, potentially undermining the entire fabric infrastructure. The issue has been resolved in version 9.1.1d7.

Commvault’s webserver is also under active attack via CVE-2025-3928, a vulnerability that enables remote, authenticated attackers to deploy webshells and compromise affected instances. The issue affects certain versions of Commvault 11.x across both Windows and Linux environments. Fixes were released in February, with further patches issued shortly afterward to bolster the webserver module’s security.

The third vulnerability, CVE-2025-42599, impacts Qualitia’s Active! mail 6 and poses a high risk due to its potential for remote code execution and denial-of-service. This stack-based buffer overflow can be triggered by unauthenticated users through specially crafted requests. Organizations using the affected mail system are advised to prioritize patching as exploitation activity has been observed.
Vulnerability Management
CISA Flags Actively Exploited Flaws in Broadcom, Commvault, and Qualitia Products
