Actively Exploited: Broadcom & Commvault Vulnerabilities Added to CISA KEV List

In this episode of IT SPARC Cast - CVE of the Week, John Barger and Lou Schmidt break down two freshly identified and actively exploited CVEs that have just been added to CISA’s Known Exploited Vulnerabilities (KEV) database. First, we discuss CVE-2025-1976—a severe vulnerability in Broadcom’s Brocade Fabric OS—which allows local admins to execute arbitrary code with root privileges exploit, exposing organizations to complete system compromise. Then we cover CVE-2025-3928, a Commvault web server flaw that allows authenticated attackers to deploy web shells—especially dangerous when paired with other privilege escalation tactics.These vulnerabilities aren’t theoretical—they’re being used in the wild right now. We explain why vendor reassurances about complexity of exploitation can lull teams into false security, how chain attacks make “local access” a relative concept, and why these types of flaws demand immediate attention—even if they seem buried in less-visible infrastructure. If you rely on Commvault or still run legacy Brocade systems, you can’t afford to ignore this one.🔐 Keywords (SEO Optimized): CVE-2025-1976, CVE-2025-3928, Broadcom vulnerability, Commvault exploit, CISA KEV database, Brocade Fabric OS root flaw, Commvault web shell, enterprise storage security, critical vulnerability patch, chain exploits cybersecurity, IT SPARC Cast CVE, cybersecurity podcast, Lou Schmidt, John Barger➡️ Feedback welcome at [email protected] or on X @ITSPARCCast💬 Leave a comment on YouTube—we read and respond to nearly all of them!📢 Like, subscribe, and share to stay ahead of the next breach.Thanks for tuning in to IT SPARC Cast!Follow and connect with us on social:IT SPARC Cast🔗 @ITSPARCCast on X🔗 SPARC Sales on LinkedInJohn Barger🔗 @john_Video on X🔗 John Barger on LinkedInLou Schmidt🔗 @loudoggeek on X🔗 Lou Schmidt on LinkedIn Hosted on Acast. See acast.com/privacy for more information.