The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks.
The flaws were added yesterday to CISA’s ‘Known Exploited Vulnerabilities’ (KEV) catalog, with the Broadcom Brocade Fabric OS and Commvault flaws not previously tagged as exploited.
Broadcom Brocade Fabric OS is a specialized operating system that runs on the company’s Brocade Fibre Channel switches to manage and optimize storage area networks (SAN).
Earlier this month, Broadcom disclosed an arbitrary code execution flaw impacting Fabric OS versions 9.1.0 through 9.1.1d6, tracked under CVE-2025-1976.
While the flaw requires admin privileges to exploit, Broadcom says it has been actively exploited in attacks.
“This vulnerability can allow the user to execute any existing Fabric OS command or can also be used to modify the Fabric OS itself, including adding their own subroutines,” reads Broadcom’s bulletin.
“Even though achieving this exploit first requires valid access to a role with admin privileges, this vulnerability has been actively exploited in the field.”
CVE-2025-1976 was addressed with the release of Brocade Fabric OS 9.1.1d7. The latest branch, 9.2.0, is not impacted by this vulnerability.
The Commvault flaw, tracked under CVE-2025-3928, is an unspecified security problem that authenticated attackers can exploit remotely to plant webshells on target servers.
Commvault web servers are user-facing and API components of a backup system used by enterprises to protect and restore critical data.
Despite the requirements for authentication and exposure of the environment to the internet, the flaw is under active exploitation in the wild.
CVE-2025-3928 was fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
The third flaw CISA added to KEV is CVE-2025-42599, a stack-based buffer overflow problem impacting all versions of Active! up to and including ‘BuildInfo: 6.60.05008561’ on all OS platforms.
Active! mail is a web-based email client widely used by government, financial, and IT service organizations in Japan.
The flaw was flagged as actively exploited last week by Japan’s CERT, while SMB providers and ISPs in the country also announced service outages caused by related exploitation activity.
Qualitia addressed the problem with the release of Active! Mail 6 BuildInfo: 6.60.06008562.
CISA has given impacted organizations until May 17, 2025, to apply fixes or available mitigations for CVE-2025-3928 and May 19, 2025, for the other two flaws.