AI description
CVE-2025-34028 is a vulnerability in Commvault Command Center Innovation Release that allows an unauthenticated attacker to upload ZIP files. This path traversal vulnerability can lead to remote code execution when the server expands these files. The vulnerability affects Command Center Innovation Release versions 11.38.0 through 11.38.19 and has been patched in version 11.38.20. The vulnerability exists in the "deployWebpackage.do" and "deployServiceCommcell.do" endpoints, which are excluded from authentication requirements. An attacker can exploit this by sending an HTTP request to these endpoints, triggering a Server-Side Request Forgery (SSRF) vulnerability. This allows the attacker to force the Commvault server to download a ZIP file from an external server, use path traversal to place files in restricted directories, and ultimately execute malicious code via the web interface.
- Description
- The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Commvault Command Center Path Traversal Vulnerability
- Exploit added on
- May 2, 2025
- Exploit action due
- May 23, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Commvault has disputed a security researcher's claims that an exploit for a recently disclosed maximum severity vulnerability, tracked as CVE-2025-34028, remains effective even in recently updated versions of the software. https://t.co/uuc2Aa0DKq
@blackwired32799
13 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault has clarified that being on versions 11.38.20 or 11.38.25 alone is not sufficient—particular updates within those versions must be installed to fully apply the fix for CVE-2025-34028. Learn more in our latest security bulletin: https://t.co/Y8QslWAVwD
@AWNetworks
12 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: La Settimana Cibernetica - 11 maggio 2025 🔹 aggiornamenti per prodotti F5, SonicWall, Cisco, Liferay, Kibana, OpenCTI, Google 🔹 Commvault: rilevato sfruttamento attivo della CVE-2025-34028 ⚠️ #EPSS: verifica le CVE di maggior interesse 🔗 … https://t.co
@Vulcanux_
12 May 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
La Settimana Cibernetica - 11 maggio 2025 🔹 aggiornamenti per prodotti F5, SonicWall, Cisco, Liferay, Kibana, OpenCTI, Google 🔹 Commvault: rilevato sfruttamento attivo della CVE-2025-34028 ⚠️ #EPSS: verifica le CVE di maggior interesse 🔗 https://t.co/FNId3YVmrb ht
@csirt_it
12 May 2025
212 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
11 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) https://t.co/BAUc7g9xjC
@tbbhunter
11 May 2025
672 Impressions
1 Retweet
1 Like
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
10 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
proficioinc RT: Researcher Says Patched Commvault Bug (CVE-2025-34028) Still Exploitable via @DarkReading #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/hSUx6h6pII — Proficio (@proficioinc) May 9, 2025
@DMFezzaReed
9 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
8 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📢CISA เพิ่มช่องโหว่ CVE-2025-34028 ของ Commvault Command Center ลงใน KEV Catalog #ThaiCERT #NCSA #CybersecurityNew สามารถติดตามข่าวสารได้ที่ https://t.co/HCsLrrYz4c https://t.co/kkFEiv8Sm
@ThaiCERTByNCSA
7 May 2025
27 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oh boy this could get ugly... @wdormann says certain versions of Commvault Command Center vulnerability (CVE-2025-34028) are still exploitable. CVE-2025-34028 is a full CVSS 10 and was added on May 02, 2025 to the KEV by @CISAgov as being exploited in-the-wild. https://t.co/b5Xok
@gothburz
7 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added Commvault CVE-2025-34028 to the KEV list after confirming active exploitation of this critical flaw Learn what you need to know to protect your systems. Don't risk data loss or ransomware attacks – take immediate action! https://t.co/xJNtHONEEW
@vulert_official
6 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault CVE-2025-34028は、アクティブな悪用が確認された後、CISAのKEVに追加されました。 https://t.co/pu3gPu7ry8 #Security #セキュリティ #ニュース
@SecureShield_
6 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
5 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has identified CVE-2025-34028 as a critical vulnerability in Commvault Command Center, enabling remote code execution via malicious ZIP files. Federal agencies must apply patches by May 23, 2025. 🛡️ #CISA #Commvault #USA link: https://t.co/8ZqefS8wh4 https://t.co/IdsPu
@TweetThreatNews
5 May 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Commvault RCE Flaw Actively Exploited! CISA adds CVE-2025-34028 to its KEV catalog after reports of real-world attacks. Vulnerability allows unauthenticated RCE via malicious ZIP uploads. 🔒 Patch immediately! Full Article 🖇️ https://t.co/jmNeUIP8gC #CyberSecurity #In
@cybrhoodsentinl
5 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/2DJRQF9ZCc #CyberSecurity
@EpicPlain
5 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/XLYZmV7ayR https://t.co/QzUyfq1IR7
@talentxfactor
5 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/c05c7ZhR0p
@DemolisherDigi
5 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرة أمنية شديدة الخطورة في مركز قيادة Commvault إلى قائمة الثغرات المعروفة المستغلة، بعد أسبوع
@Cybercachear
5 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/jK5vEdHmNA
@molari999
5 May 2025
5 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📍Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/pWvpIX2IvT
@cyberetweet
5 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/L8Pdtryrjf
@buzz_sec
5 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This headline highlights the active exploitation of a vulnerability (CVE-2025-34028) in Commvault's software, underscoring the continuous threat landscape... https://t.co/7tbitu8ysz #TechNews #Innovation #Consulting
@EnRouteIT
5 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://t.co/CHL4iyvDWS via @TheHackersNews
@ABabino
5 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation #security #cybersecurity #hack #it-security https://t.co/ocz6KcpEag
@TheCySecNews
5 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-click, max impact — and it's already being exploited. A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed. Read: https://t.co/WBd1F93AlI... https://t.co/1CDzSUh8rO
@IT_news_for_all
5 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-click, max impact — and it's already being exploited. A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed. Read: https://t.co/UNh7kD7Mjr Deadline for U.S. agencies: May 23.
@TheHackersNews
5 May 2025
61612 Impressions
59 Retweets
150 Likes
42 Bookmarks
4 Replies
4 Quotes
A critical vulnerability (CVE-2025-34028) in Commvault Command Center allows remote code execution without authentication, impacting versions 11.38.0 to 11.38.19. It's now in CISA's KEV catalog. ⚠️ #Commvault #CyberFlaw #USA link: https://t.co/LBuuxjSfI8 https://t.co/AEHe6bI
@TweetThreatNews
5 May 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Exploited #Commvault: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-34028 per il prodotto #CommvaultCommandCenter Rischio: 🟠 Tipologia: 🔸 Remote Code Execution 🔗 https://t.co/veVQXxtb9w ⚠ Importante aggiornare… https://t.
@Vulcanux_
5 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) https://t.co/CD7qLUfOR3
@akaclandestine
4 May 2025
854 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-34028 #Commvault Command Center Path Traversal Vulnerability https://t.co/OJ8QSyhVNO
@ScyScan
2 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Yii framework and Commvault vulnerabilities CVE-2024-58136 & CVE-2025-34028 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. https://t.co/Eil0idoZXD
@CISACyber
2 May 2025
5670 Impressions
12 Retweets
22 Likes
3 Bookmarks
1 Reply
3 Quotes
🚨 Critical #RCE vulnerability (CVE-2025-34028) found in Commvault Command Center! Pre-auth exploit allows code execution. Upgrade to v11.38.20 ASAP to patch. 🛡️ More info and affected versions: https://t.co/jEYxMLUKPM #Cybersecurity #VulnerabilityManagement
@fernandokarl
28 Apr 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
28 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-34028 - critical 🚨 Commvault - SSRF via /commandcenter/deployWebpackage.do > A path traversal vulnerability in Commvault Command Center Innovation Release allows ... 👾 https://t.co/jF5udvJgJW @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
27 Apr 2025
609 Impressions
3 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
27 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) - Help Net Security https://t.co/2JNey2VS4N
@PVynckier
27 Apr 2025
86 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
26 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
26 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Heath Renfrow, co-founder and CISO of @Fenix24, alerts businesses about the Commvault Bug CVE-2025-34028 and offers guidance on necessary precautions until a fix is released, as discussed in @Dark Reading. Read what to do now 👇 https://t.co/fJC3rIrdab
@ed_myruski
25 Apr 2025
37 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
25 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-34028, a maximum-severity #RCE #vulnerability in the Command Center, poses a severe risk to impacted instances and may result in a full system compromise. Detect exploitation attempts with #Sigma rules from SOC Prime Platform. https://t.co/SuofM898rM
@SOC_Prime
25 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
最大深刻度のCommvaultバグが研究者を警戒させる(CVE-2025-34028) https://t.co/zu7LFTAgEo #Security #セキュリティ #ニュース
@SecureShield_
25 Apr 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-34028
@transilienceai
25 Apr 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical #Commvault RCE vulnerability (CVE-2025-34028) discovered in Command Center v11.38. Immediate update to v11.38.20 or later recommended to prevent remote code execution. #CyberSecurity #DataProtection https://t.co/bEuxFOePwu
@dailytechonx
24 Apr 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Bulletin: CVE-2025-34028 affects Commvault Command Center (v11.38.0–11.38.19). Unauthenticated RCE via path traversal in a vulnerable endpoint. PoCs exist. Immediate patching to 11.38.20+ is recommended. #ThreatIntel #RedLeggCTI #Commvault https://t.co/HukD7fx0zU
@RedLegg
24 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE vulnerability (CVE-2025-34028) found in Commvault Command Center! Unauthenticated attackers can execute arbitrary code. Patch ASAP! ⚠️ Use Sigma rules on SOC Prime Platform to detect exploitation attempts. #Cybersecurity #RCE https://t.co/mufizkhNMZ
@fernandokarl
24 Apr 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34028: Critical RCE in Commvault Command Center (v11.38.0–11.38.19) via SSRF. No auth required. Patch immediately to v11.38.20 or later. #CyberSecurity #VulnerabilityManagement #Commvault #RCE #Infosec #SecurityUpdate https://t.co/xjzdQ8GOWx
@CloneSystemsInc
24 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical #Commvault RCE #vulnerability fixed, PoC available (#CVE-2025-34028) https://t.co/xugqr91B0r
@ScyScan
24 Apr 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C510195-3CF6-460F-8AE0-FDB227262086",
"versionEndIncluding": "11.38.19",
"versionStartIncluding": "11.38.0"
},
{
"criteria": "cpe:2.3:a:commvault:commvault:11.38.20:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A858E4E4-A2B2-45B8-A6C1-786703A35EA4"
},
{
"criteria": "cpe:2.3:a:commvault:commvault:11.38.25:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6284A494-F84E-47FB-A415-6D7AAC46BA09"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]