The SANS Internet Storm Center (ISC) Stormcast for April 25, 2025, highlights critical cybersecurity developments, including SMS gateway scans, a max-severity Commvault exploit (CVE-2025-34028), and shrinking patch windows. This daily podcast provides actionable intelligence for security professionals, covering vulnerabilities, threat trends, and mitigation strategies.
TL;DR: Key Takeaways
- SMS Gateway Scans: Active scanning for vulnerable SMS gateways observed globally.
- Commvault Exploit (CVE-2025-34028): CVSS 10.0 vulnerability in Commvault Command Center allows full system compromise.
- Patch Window Shrinkage: Reduced time between vulnerability disclosure and exploit deployment.
- inetpub Issues: Misconfigurations in IIS directories leading to exposure risks.
SMS Gateway Scans
Recent scans target SMS gateways, which are often misconfigured or lack authentication. Attackers exploit these gateways to send spam or phishing messages, bypassing traditional email filters. The ISC recommends reviewing gateway configurations and enabling strict access controls. Monitoring logs for unusual outbound SMS traffic can help detect compromises early. This trend aligns with the FBI’s 2024 report noting a 33% increase in cybercrime losses, driven partly by phishing.
Commvault Exploit (CVE-2025-34028)
A critical vulnerability in Commvault Command Center (CVE-2025-34028) has been patched but remains a high-risk target for enterprises. The flaw, scored 10.0 on the CVSS scale, allows remote attackers to execute arbitrary code and gain full control of affected systems. Dark Reading reports that proof-of-concept exploits are already circulating. Organizations using Commvault should prioritize applying the latest patches and segmenting backup networks to limit lateral movement.
Patch Window Shrinkage
The time between vulnerability disclosure and exploit deployment continues to shrink, leaving organizations with less time to remediate. For example, the Commvault patch was released just days before active exploitation attempts were observed. Automated patch management tools and proactive vulnerability scanning are now essential to keep pace with threats. The ISC emphasizes the importance of pre-patch mitigations, such as network segmentation and temporary workarounds.
Relevance to Security Teams
For threat researchers, the SMS gateway scans highlight the need for broader telemetry beyond email and web traffic. Blue teams should monitor for anomalous SMS traffic patterns, while red teams can use this vector for simulated phishing exercises. The Commvault exploit underscores the risks in backup systems, often overlooked in security assessments. System administrators should audit backup software configurations and ensure they are included in vulnerability management programs.
Remediation Steps
- SMS Gateways: Enforce IP whitelisting and API authentication; monitor outbound SMS volumes.
- Commvault: Apply patches immediately; restrict network access to Command Center interfaces.
- General: Reduce patch cycles via automation; prioritize critical vulnerabilities (CVSS ≥ 9.0).
Conclusion
The April 25 Stormcast reinforces the need for rapid response to emerging threats, particularly in under-monitored systems like SMS gateways and backup software. Continuous monitoring and adaptive patch management are critical to mitigating risks in an evolving threat landscape.
References
- “ISC Stormcast For Friday, April 25th, 2025,” SANS Internet Storm Center, 2025.
- “Commvault Bug Lets Researchers Gain Full System Access,” Dark Reading, 2025.
- SANS Stormcast Podcast RSS Feed, SANS ISC.
- “FBI: Cybercrime Losses Surge to $16.6B in 2024,” Dark Reading, 2024.
