Commvault Discloses Zero-Day Exploit Breach in Azure Cloud Environment

Commvault, a leading provider of data protection and cyber resilience solutions, has confirmed that a zero-day exploit enabled hackers to gain unauthorized access to its Azure environment.

The incident, attributed to a suspected nation-state threat actor, was first detected on February 20, 2025, after Microsoft alerted the company to suspicious activity within its cloud infrastructure.

Upon receiving the notification, Commvault immediately activated its incident response plan, enlisting the support of top cybersecurity experts and law enforcement agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).

The company’s investigation determined that the breach affected only a small number of customers, who were promptly notified and offered assistance.

Crucially, Commvault emphasized that there was no unauthorized access to any customer backup data or impact on its business operations.

“There has been no unauthorized access to customer backup data that Commvault stores and protects, and no material impact on our business operations or our ability to deliver products and services,” stated Danielle Sheer, Chief Trust Officer.

The attackers exploited a now-patched zero-day vulnerability (CVE-2025-3928) in the Commvault Web Server, which allowed remote, authenticated attackers to deploy web shells and gain further access.

Exploiting the vulnerability required attackers to possess valid user credentials and to have access to an internet-facing environment.

Commvault has since patched the flaw and is urging all software customers to update their systems immediately.

In response to the incident, Commvault has implemented enhanced security measures, including rotating affected credentials, strengthening monitoring protocols, and sharing indicators of compromise with customers and partners.

The company is also encouraging customers to apply Conditional Access policies, regularly rotate credentials, and monitor for suspicious sign-in activity.

Commvault’s swift response and transparent communication underscore its commitment to customer protection and industry collaboration.

“No company is immune to an attack. We believe that sharing information and working together makes us all more resilient,” the company stated.

Customers seeking further information or assistance are encouraged to contact Commvault’s support team through the official portal.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
