Cyber threat actors are exploiting a Commvault vulnerability tracked as CVE-2025-3928. The flaw in the Commvault Web Server could allow an authenticated remote user to create and execute web shells. Commvault is widely used for data backup and management; successful exploitation of this vulnerability could provide threat actors with access to sensitive backup data and facilitate ransomware attacks. According to the Commvault Security Advisory, the vulnerability impacts versions 11.36.0-11.36.45, 11.32.0-11.32.88, 11.28.0-11.28.140, and 11.20.0-11.20.216, and is addressed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217, respectively. The NJCCIC advises updating as soon as possible after appropriate testing.