CISA has issued a warning about the ongoing exploitation of Broadcom, Commvault, and Qualitia product vulnerabilities. Broadcom’s recently patched flaw, CVE-2025-1976, is a code injection vulnerability that could lead to the execution of arbitrary code. Commvault’s webserver vulnerability, CVE-2025-3928, can be exploited by a remote attacker. CVE-2025-42599, a buffer overflow vulnerability in Qualitia products, can be exploited by a remote attacker to remotely execute code. 

Read more: https://www.securityweek.com/cisa-warns-of-exploited-broadcom-commvault-vulnerabilities/