The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The vulnerabilities in question are listed below –

• CVE-2025-1976 (CVSS score: 8.6) – A code injection flaw affecting Broadcom Brocade Fabric OS that allows a local user with administrative privileges to execute arbitrary code with full root privileges
• CVE-2025-3928 (CVSS score: 8.7) – An unspecified flaw in the Commvault Web Server that allows a remote, authenticated attacker to create and execute web shells

You can see the details in this article on The Hacker News here