CVE-2025-34028

Published Apr 22, 2025


Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-34028 is a pre-authentication vulnerability in Commvault Command Center Innovation Release. The endpoints "deployWebpackage.do" and "deployServiceCommcell.do" are excluded from the authentication requirement, so an unauthenticated attacker can reach them with a plain HTTP request. Such a request makes the Commvault server fetch a ZIP file from an attacker-controlled external server (a Server-Side Request Forgery, SSRF). The server then expands that ZIP as an install package without confining entry names to the intended directory (CWE-22, path traversal), so an entry can be written into a directory the web server serves. A malicious JSP planted this way is executed by requesting it through the web interface, giving remote code execution. Affected versions are Command Center Innovation Release 11.38.0 through 11.38.19; the issue is fixed in 11.38.20.
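The expansion step is the part a defender can reason about without any Commvault code: an archive entry whose name contains ".." is written wherever the name points unless the extractor checks the resolved path. The example below is added here and is not Commvault's code or the researchers' proof of concept. It builds a constructed ZIP with one traversal entry (the entry name, the "webroot" directory and the JSP body are illustrative assumptions), shows a naive extractor writing it outside the extraction directory, and shows a hardened extractor refusing the same archive while still accepting a benign package.

```python
import io
import os
import tempfile
import zipfile

# Constructed sample package: one entry whose name climbs out of the extraction
# directory. The entry name, the "webroot" directory and the JSP body are
# illustrative assumptions for this example, not Commvault's real layout.
TRAVERSAL_ENTRY = "../../webroot/cmd.jsp"
BENIGN_ENTRY = "bin/install.sh"
JSP_BODY = b"<%-- placeholder JSP body --%>\n"


def build_package(entry_name, payload):
    """Return ZIP bytes holding a single entry. zipfile stores the name as given,
    so '..' components survive; only the extractor can reject them."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(entry_name, payload)
    return buf.getvalue()


def unsafe_extract(zip_bytes, dest):
    """Naive expansion (the CWE-22 pattern): joins each entry name onto dest
    without checking that the result still lies inside dest."""
    os.makedirs(dest, exist_ok=True)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # '..' is not stripped
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.abspath(target))
    return written


def safe_extract(zip_bytes, dest):
    """Hardened expansion: resolve every entry against the real extraction root
    and refuse the whole archive on the first entry that would escape it."""
    os.makedirs(dest, exist_ok=True)
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if os.path.isabs(name) or name.startswith(("/", "\\")) or ".." in name.split("/"):
                raise ValueError(f"rejected archive entry {name!r}")
            target = os.path.realpath(os.path.join(root, name))
            # Even a name that looked clean must resolve under root.
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"rejected archive entry {name!r}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demonstrate():
    """Run both extractors on the malicious and the benign package inside a
    temporary directory and report what happened."""
    evil = build_package(TRAVERSAL_ENTRY, JSP_BODY)
    good = build_package(BENIGN_ENTRY, b"#!/bin/sh\necho installed\n")
    with tempfile.TemporaryDirectory() as base:
        dest = os.path.join(base, "pkg", "extract")
        landed = unsafe_extract(evil, dest)
        escaped = not landed[0].startswith(os.path.abspath(dest) + os.sep)
        try:
            safe_extract(evil, dest)
            rejected = False
        except ValueError:
            rejected = True
        kept = safe_extract(good, dest)
        benign_ok = all(p.startswith(os.path.realpath(dest) + os.sep) for p in kept)
    return {"unsafe_escaped": escaped, "safe_rejected": rejected, "benign_ok": benign_ok}


if __name__ == "__main__":
    print(demonstrate())
```

The hardened version rejects the whole archive rather than skipping the bad entry: a package that contains any traversal entry is hostile, and partially installing it only helps the attacker. Checking the resolved path with realpath and commonpath, rather than string-matching "..", also covers symlinked extraction roots and entries that only look clean.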

Description
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are subject to a path traversal vulnerability that can result in Remote Code Execution via a malicious JSP. This issue affects Command Center Innovation Release: 11.38.
Source: disclosure@vulncheck.com
NVD status: Analyzed
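Because the two endpoints are reachable without a session, web-server access logs are the most direct place to look for exploitation: a request to either endpoint, followed shortly by the same client requesting a .jsp that it could only know about because it just planted it. The detector below is an added example, not a vendor or SOC Prime rule. The log lines are constructed in combined log format, the .jsp path in them is invented, and the ten-minute window is an arbitrary choice; note also that these endpoints may be used legitimately during installs and upgrades, so hits from known deployment hosts should be allowlisted in a real deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoints the advisory names as excluded from authentication.
VULN_ENDPOINTS = (
    "/commandcenter/deployWebpackage.do",
    "/commandcenter/deployServiceCommcell.do",
)

# Combined log format: client, identd, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log for this example; the .jsp path is invented.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Apr/2025:10:01:02 +0000] "GET /commandcenter/login.do HTTP/1.1" 200 512
203.0.113.9 - - [24/Apr/2025:10:02:10 +0000] "POST /commandcenter/deployWebpackage.do HTTP/1.1" 200 38
203.0.113.9 - - [24/Apr/2025:10:02:31 +0000] "GET /commandcenter/tmp/cmd.jsp?cmd=id HTTP/1.1" 200 91
10.0.0.7 - - [24/Apr/2025:10:05:00 +0000] "GET /commandcenter/dashboard.do HTTP/1.1" 200 4096
198.51.100.4 - - [24/Apr/2025:11:15:44 +0000] "POST /commandcenter/deployServiceCommcell.do HTTP/1.1" 500 17
"""


def parse(log_text):
    """Yield one dict per parseable line with a timezone-aware timestamp and
    the request path stripped of its query string."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec["path"] = rec["path"].split("?", 1)[0]
        yield rec


def detect(log_text, window=timedelta(minutes=10)):
    """Return findings in log order: every hit on an unauthenticated deploy
    endpoint is 'suspicious'; a .jsp request from the same client within
    `window` after such a hit is escalated to 'likely_exploitation'."""
    endpoint_hits = defaultdict(list)  # client ip -> timestamps of endpoint hits
    findings = []
    for rec in parse(log_text):
        if rec["path"] in VULN_ENDPOINTS:
            endpoint_hits[rec["ip"]].append(rec["ts"])
            findings.append({"level": "suspicious", **rec})
        elif rec["path"].lower().endswith(".jsp"):
            recent = [t for t in endpoint_hits[rec["ip"]]
                      if timedelta(0) <= rec["ts"] - t <= window]
            if recent:
                findings.append({"level": "likely_exploitation", **rec})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["level"], f["ip"], f["ts"].isoformat(), f["method"], f["path"], f["status"])
```

The failed (HTTP 500) hit on deployServiceCommcell.do is still reported: a scanner or a first attempt that did not land is exactly the signal that tells you the host is being targeted before the next attempt succeeds. Correlating on the client address is deliberately loose; an attacker who fetches the planted JSP from a different address will only produce the lower-confidence finding, so the endpoint hits themselves must be reviewed.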

Risk scores

CVSS 3.1 (Primary)
Base score: 10 (CRITICAL)
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Known exploits

Data from CISA

Vulnerability name: Commvault Command Center Path Traversal Vulnerability
Exploit added on: May 2, 2025
Exploit action due: May 23, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

disclosure@vulncheck.com: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
nvd@nist.gov: CWE-22

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 📢 CISA has added the CVE-2025-34028 vulnerability in Commvault Command Center to the KEV Catalog #ThaiCERT #NCSA #CybersecurityNew. Follow the news at https://t.co/HCsLrrYz4c https://t.co/kkFEiv8Sm

    @ThaiCERTByNCSA

    7 May 2025

    27 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Oh boy this could get ugly... @wdormann says certain versions of Commvault Command Center vulnerability (CVE-2025-34028) are still exploitable. CVE-2025-34028 is a full CVSS 10 and was added on May 02, 2025 to the KEV by @CISAgov as being exploited in-the-wild. https://t.co/b5Xok

    @gothburz

    7 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA added Commvault CVE-2025-34028 to the KEV list after confirming active exploitation of this critical flaw Learn what you need to know to protect your systems. Don't risk data loss or ransomware attacks – take immediate action! https://t.co/xJNtHONEEW

    @vulert_official

    6 May 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Commvault CVE-2025-34028 was added to CISA's KEV after active exploitation was confirmed. https://t.co/pu3gPu7ry8 #Security #セキュリティ #ニュース

    @SecureShield_

    6 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-34028

    @transilienceai

    5 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. CISA has identified CVE-2025-34028 as a critical vulnerability in Commvault Command Center, enabling remote code execution via malicious ZIP files. Federal agencies must apply patches by May 23, 2025. 🛡️ #CISA #Commvault #USA link: https://t.co/8ZqefS8wh4 https://t.co/IdsPu

    @TweetThreatNews

    5 May 2025

    74 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Commvault RCE Flaw Actively Exploited! CISA adds CVE-2025-34028 to its KEV catalog after reports of real-world attacks. Vulnerability allows unauthenticated RCE via malicious ZIP uploads. 🔒 Patch immediately! Full Article 🖇️ https://t.co/jmNeUIP8gC #CyberSecurity #In

    @cybrhoodsentinl

    5 May 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/2DJRQF9ZCc #CyberSecurity

    @EpicPlain

    5 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/XLYZmV7ayR https://t.co/QzUyfq1IR7

    @talentxfactor

    5 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/c05c7ZhR0p

    @DemolisherDigi

    5 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 📌 The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in Commvault Command Center to its list of Known Exploited Vulnerabilities, a week after

    @Cybercachear

    5 May 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/jK5vEdHmNA

    @molari999

    5 May 2025

    5 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 📍Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/pWvpIX2IvT

    @cyberetweet

    5 May 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. The Hacker News - Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/L8Pdtryrjf

    @buzz_sec

    5 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. This headline highlights the active exploitation of a vulnerability (CVE-2025-34028) in Commvault's software, underscoring the continuous threat landscape... https://t.co/7tbitu8ysz #TechNews #Innovation #Consulting

    @EnRouteIT

    5 May 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/CHL4iyvDWS via @TheHackersNews

    @ABabino

    5 May 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation #security #cybersecurity #hack #it-security https://t.co/ocz6KcpEag

    @TheCySecNews

    5 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Zero-click, max impact — and it's already being exploited. A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed. Read: https://t.co/WBd1F93AlI... https://t.co/1CDzSUh8rO

    @IT_news_for_all

    5 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Zero-click, max impact — and it's already being exploited. A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed. Read: https://t.co/UNh7kD7Mjr Deadline for U.S. agencies: May 23.

    @TheHackersNews

    5 May 2025

    61612 Impressions

    59 Retweets

    150 Likes

    42 Bookmarks

    4 Replies

    4 Quotes

  20. A critical vulnerability (CVE-2025-34028) in Commvault Command Center allows remote code execution without authentication, impacting versions 11.38.0 to 11.38.19. It's now in CISA's KEV catalog. ⚠️ #Commvault #CyberFlaw #USA link: https://t.co/LBuuxjSfI8 https://t.co/AEHe6bI

    @TweetThreatNews

    5 May 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. csirt_it: ‼️ #Exploited #Commvault: active in-the-wild exploitation detected of vulnerability CVE-2025-34028 in the product #CommvaultCommandCenter Risk: 🟠 Type: 🔸 Remote Code Execution 🔗 https://t.co/veVQXxtb9w ⚠ Important to update… https://t.

    @Vulcanux_

    5 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) https://t.co/CD7qLUfOR3

    @akaclandestine

    4 May 2025

    854 Impressions

    0 Retweets

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  23. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-34028 #Commvault Command Center Path Traversal Vulnerability https://t.co/OJ8QSyhVNO

    @ScyScan

    2 May 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🛡️ We added Yii framework and Commvault vulnerabilities CVE-2024-58136 & CVE-2025-34028 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. https://t.co/Eil0idoZXD

    @CISACyber

    2 May 2025

    5670 Impressions

    12 Retweets

    22 Likes

    3 Bookmarks

    1 Reply

    3 Quotes

  25. 🚨 Critical #RCE vulnerability (CVE-2025-34028) found in Commvault Command Center! Pre-auth exploit allows code execution. Upgrade to v11.38.20 ASAP to patch. 🛡️ More info and affected versions: https://t.co/jEYxMLUKPM #Cybersecurity #VulnerabilityManagement

    @fernandokarl

    28 Apr 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Actively exploited CVE : CVE-2025-34028

    @transilienceai

    28 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. 🚨 CVE-2025-34028 - critical 🚨 Commvault - SSRF via /commandcenter/deployWebpackage.do > A path traversal vulnerability in Commvault Command Center Innovation Release allows ... 👾 https://t.co/jF5udvJgJW @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    27 Apr 2025

    609 Impressions

    3 Retweets

    15 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  28. Actively exploited CVE : CVE-2025-34028

    @transilienceai

    27 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) - Help Net Security https://t.co/2JNey2VS4N

    @PVynckier

    27 Apr 2025

    86 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Actively exploited CVE : CVE-2025-34028

    @transilienceai

    26 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. Actively exploited CVE : CVE-2025-34028

    @transilienceai

    26 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Heath Renfrow, co-founder and CISO of @Fenix24, alerts businesses about the Commvault Bug CVE-2025-34028 and offers guidance on necessary precautions until a fix is released, as discussed in @Dark Reading. Read what to do now 👇 https://t.co/fJC3rIrdab

    @ed_myruski

    25 Apr 2025

    37 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Actively exploited CVE : CVE-2025-34028

    @transilienceai

    25 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. CVE-2025-34028, a maximum-severity #RCE #vulnerability in the Command Center, poses a severe risk to impacted instances and may result in a full system compromise. Detect exploitation attempts with #Sigma rules from SOC Prime Platform. https://t.co/SuofM898rM

    @SOC_Prime

    25 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Maximum-severity Commvault bug puts researchers on alert (CVE-2025-34028) https://t.co/zu7LFTAgEo #Security #セキュリティ #ニュース

    @SecureShield_

    25 Apr 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Actively exploited CVE : CVE-2025-34028

    @transilienceai

    25 Apr 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. Critical #Commvault RCE vulnerability (CVE-2025-34028) discovered in Command Center v11.38. Immediate update to v11.38.20 or later recommended to prevent remote code execution. #CyberSecurity #DataProtection https://t.co/bEuxFOePwu

    @dailytechonx

    24 Apr 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Bulletin: CVE-2025-34028 affects Commvault Command Center (v11.38.0–11.38.19). Unauthenticated RCE via path traversal in a vulnerable endpoint. PoCs exist. Immediate patching to 11.38.20+ is recommended. #ThreatIntel #RedLeggCTI #Commvault https://t.co/HukD7fx0zU

    @RedLegg

    24 Apr 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 Critical RCE vulnerability (CVE-2025-34028) found in Commvault Command Center! Unauthenticated attackers can execute arbitrary code. Patch ASAP! ⚠️ Use Sigma rules on SOC Prime Platform to detect exploitation attempts. #Cybersecurity #RCE https://t.co/mufizkhNMZ

    @fernandokarl

    24 Apr 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. CVE-2025-34028: Critical RCE in Commvault Command Center (v11.38.0–11.38.19) via SSRF. No auth required. Patch immediately to v11.38.20 or later. #CyberSecurity #VulnerabilityManagement #Commvault #RCE #Infosec #SecurityUpdate https://t.co/xjzdQ8GOWx

    @CloneSystemsInc

    24 Apr 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Critical #Commvault RCE #vulnerability fixed, PoC available (#CVE-2025-34028) https://t.co/xugqr91B0r

    @ScyScan

    24 Apr 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. A critical flaw (CVE-2025-34028) in Commvault Command Center allows remote code execution without authentication. Versions 11.38.0 - 11.38.19 are affected. Update to 11.38.20 or 11.38.25! 🚨 #Commvault #InfoSec #USA link: https://t.co/aKsxudbYWo https://t.co/LG2roWAANZ

    @TweetThreatNews

    24 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) - watchTowr Labs https://t.co/nh4CZbi1d7 https://t.co/WAHgaO2pvh

    @secharvesterx

    24 Apr 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 📌 A critical vulnerability has been disclosed in Commvault Command Center that allows attackers to execute code remotely. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of 10.0, making it a significant security threat. #الامن_السيبراني https://t.co/rpb3O91RzE

    @Cybercachear

    24 Apr 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🔥 Critical Exploit Alert! A 9.0 CVSS flaw in Commvault Command Center lets hackers run code without logging in. 🎯 Targets versions 11.38.0–11.38.19 💥 Pre-auth SSRF → Remote Code Execution Learn more about CVE-2025-34028 here: https://t.co/Scx7xa4a96

    @TheHackersNews

    24 Apr 2025

    10632 Impressions

    43 Retweets

    105 Likes

    30 Bookmarks

    0 Replies

    1 Quote

  46. We're back! This time, we're analyzing CVE-2025-34028 - a pre-auth Remote Code Execution vulnerability we discovered in Commvault - yet another enterprise-grade Backup and Replication solution. https://t.co/yJa0bmYdF1

    @watchtowrcyber

    24 Apr 2025

    11967 Impressions

    68 Retweets

    156 Likes

    38 Bookmarks

    4 Replies

    3 Quotes

  47. CVE-2025-34028: Critical RCE Flaw in Commvault Command Center Scores CVSS 10 https://t.co/nEegTo8ssF

    @Dinosn

    24 Apr 2025

    2797 Impressions

    10 Retweets

    25 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 CVE-2025-34028 ⚠️🔴 CRITICAL (10) 🏢 Commvault - Command Center Innovation Release 🏗️ 11.38 🔗 https://t.co/LjftS5lDZD #CyberCron #VulnAlert #InfoSec https://t.co/BFKWzSI9fK

    @cybercronai

    24 Apr 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. CVE number: CVE-2025-34028. The URL for this is here: https://t.co/eKBYZIXiDB

    @SMBC_cyberfront

    24 Apr 2025

    121 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. [Early Warning Vulnerability Information] CVE number: CVE-2025-34028. A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files which, when expanded by the target server, may result in remote code execution.

    @SMBC_cyberfront

    24 Apr 2025

    150 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations