Worldwide SaaS companies could face risks following a suspected attack on Commvault, according to a CISA warning.
U.S. Cybersecurity Agency Warns of Targeted Attacks on SaaS Providers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert, urging businesses to secure their systems following a suspected nation-state cyberattack on Commvault's cloud-based data protection platform, Metallic. The platform provides backup and recovery services for Microsoft 365, among other workloads.
The attack allegedly exploited a zero-day vulnerability, allowing unidentified threat actors to access client secrets for the Microsoft 365 backup SaaS solution. Those secrets could in turn give the attackers unauthorized access to the Microsoft 365 environments of Commvault customers whose application secrets were stored there.
Commvault, in a blog post, confirmed that a handful of customers were targeted through the zero-day vulnerability, tracked as CVE-2025-3928. The flaw is reportedly in Commvault Web Server and can be exploited by a remote, authenticated attacker. Microsoft notified Commvault of the unauthorized activity in February 2025.
CISA has added CVE-2025-3928 to its catalog of known exploited vulnerabilities (KEV), giving Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to patch the issue. The patch is available in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
CISA believes the attack may be part of a larger campaign targeting various SaaS companies' cloud applications with default configurations and elevated permissions. To reduce the chance of compromise, the agency has provided a list of mitigations, including monitoring Entra audit logs, reviewing Microsoft logs, and more. The full list is in CISA's alert.
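As an added illustration of the "monitor Entra audit logs" mitigation (example code written for this article, not CISA's, Commvault's or Microsoft's own tooling): a small Python checker that scans an exported Entra ID audit log for credential additions or changes on the service principals a backup integration uses, and reports any that were not performed by an allow-listed identity. The records, tenant names, app names and allow list are all constructed; the field names follow the Microsoft Graph directoryAudit schema, and the activity names should be checked against a real export from your own tenant.

```python
import json

# Constructed sample of an Entra ID audit-log export. Field names follow the
# Microsoft Graph directoryAudit schema; every value below is made up for this example.
SAMPLE_AUDIT_EXPORT = json.dumps([
    {
        "activityDateTime": "2025-02-10T08:15:00Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
        "targetResources": [{"type": "ServicePrincipal",
                             "displayName": "Contoso M365 Backup Connector"}],
    },
    {
        "activityDateTime": "2025-02-11T02:41:00Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"app": {"displayName": "Unrecognised Client"}},
        "targetResources": [{"type": "ServicePrincipal",
                             "displayName": "Contoso M365 Backup Connector"}],
    },
    {
        "activityDateTime": "2025-02-11T09:00:00Z",
        "activityDisplayName": "Add user",
        "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
        "targetResources": [{"type": "User", "displayName": "New Hire"}],
    },
    {
        "activityDateTime": "2025-02-12T12:00:00Z",
        "activityDisplayName": "Update application - Certificates and secrets management",
        "initiatedBy": {"user": {"userPrincipalName": "dev@contoso.example"}},
        "targetResources": [{"type": "Application", "displayName": "Internal Reporting App"}],
    },
])

# Audit activities that add or change credentials on an app registration or
# service principal. Verify the exact strings against your tenant's export
# (the dash in the second name may be an en dash in a real export).
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
}


def initiator_of(record):
    """Return (kind, name) for whoever performed the audited action."""
    by = record.get("initiatedBy") or {}
    if by.get("app"):
        return "app", by["app"].get("displayName", "<unknown app>")
    if by.get("user"):
        return "user", by["user"].get("userPrincipalName", "<unknown user>")
    return "unknown", "<none>"


def find_unexpected_credential_changes(export_text, watched_principals, allowed_initiators):
    """Flag credential additions/changes on watched service principals or
    applications that were not performed by an identity in the allow list."""
    findings = []
    for record in json.loads(export_text):
        if record.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        targets = [t.get("displayName", "") for t in record.get("targetResources", [])]
        hit = [t for t in targets if t in watched_principals]
        if not hit:
            continue  # credential change on a principal we are not watching
        kind, name = initiator_of(record)
        if name in allowed_initiators:
            continue  # expected rotation by a known operator or automation
        findings.append({
            "when": record.get("activityDateTime"),
            "activity": record["activityDisplayName"],
            "target": hit[0],
            "initiator": f"{kind}:{name}",
        })
    return findings


if __name__ == "__main__":
    for finding in find_unexpected_credential_changes(
        SAMPLE_AUDIT_EXPORT,
        watched_principals={"Contoso M365 Backup Connector"},
        allowed_initiators={"admin@contoso.example"},
    ):
        print(finding)
```

Run against the sample, the checker reports only the second record: a credential added to the backup connector's service principal by an unrecognised application at an off-hours time. The allow list is deliberately explicit rather than heuristic, because a credential added by an identity nobody expected is exactly the event worth a human look.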
As the cyber threat landscape continues to evolve, it is crucial for businesses to invest in robust cybersecurity solutions. Keeper, a well-known cybersecurity platform offering a password manager and digital vault, is one such solution. It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against various cyber threats.
- Businesses should be mindful of the potential cyber threats to their cloud applications, especially those with default configurations and elevated permissions, as seen in the recent attack on Commvault's SaaS service.
- To strengthen their financial operations and safeguard sensitive data, companies could consider investing in advanced cybersecurity solutions like Keeper, which offers robust features such as zero-knowledge encryption, two-factor authentication, and breach alerts.