Commvault Confirms State-Sponsored Hackers Exploited Azure Vulnerability

Commvault, an enterprise data backup platform, has revealed that an unknown state-sponsored threat actor compromised its Microsoft Azure environment by exploiting the vulnerability CVE-2025-3928. Although the company emphasized that there is no evidence of unauthorized access to data, this activity affected a small number of common customers with Microsoft. Commvault is working with these customers to provide assistance.