Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

BACKGROUND

Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928, but emphasized that there is no evidence of unauthorized data access.

RECOMMENDATION

To mitigate the risk posed by such attacks, clients are advised to apply a Conditional Access policy to all Microsoft 365, Dynamics 365, and Azure AD single-tenant app registrations, and to rotate and sync client secrets between the Azure portal and Commvault every 90 days.

MWCERT also urges users to monitor sign-in activity to detect any access attempts originating from IP addresses outside of the allowlisted ranges.
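
The two checks recommended above can be run over exported data, as in this added example (not part of the original advisory). The allowlist ranges, record field names, app names, and timestamps are constructed assumptions, not a real export schema.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumed allowlist (documentation ranges, constructed for this example).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:10::/48")]
MAX_SECRET_AGE = timedelta(days=90)  # rotation interval from the recommendation

# Constructed sign-in records; field names are assumptions for this example.
SIGN_INS = [
    {"app": "backup-m365", "ip": "203.0.113.25", "time": "2025-05-01T08:00:00+00:00"},
    {"app": "backup-m365", "ip": "198.51.100.7", "time": "2025-05-01T08:05:00+00:00"},
    {"app": "backup-d365", "ip": "2001:db8:10::5", "time": "2025-05-01T09:00:00+00:00"},
    {"app": "backup-d365", "ip": "not-an-ip", "time": "2025-05-01T09:30:00+00:00"},
]

# Constructed secret inventory: app -> time the client secret was created.
SECRETS = {
    "backup-m365": "2025-01-10T00:00:00+00:00",
    "backup-d365": "2025-04-20T00:00:00+00:00",
}

def is_allowlisted(ip_text):
    """True only if ip_text parses and falls inside an allowlisted range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source address: treat as outside the allowlist
    return any(ip.version == net.version and ip in net for net in ALLOWLIST)

def outside_allowlist(sign_ins):
    """Return sign-in records whose source IP is not in the allowlist."""
    return [s for s in sign_ins if not is_allowlisted(s["ip"])]

def overdue_secrets(secrets, now):
    """Return apps whose client secret is older than the 90-day rotation window."""
    return sorted(app for app, created in secrets.items()
                  if now - datetime.fromisoformat(created) > MAX_SECRET_AGE)

if __name__ == "__main__":
    now = datetime(2025, 5, 1, 12, 0, tzinfo=timezone.utc)
    for s in outside_allowlist(SIGN_INS):
        print("ALERT sign-in outside allowlist:", s["app"], s["ip"], s["time"])
    for app in overdue_secrets(SECRETS, now):
        print("ROTATE client secret older than 90 days:", app)
```

Records with a missing or malformed source address are reported rather than skipped, so a parsing gap cannot hide a sign-in from review.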
