A newly disclosed critical-severity vulnerability in Commvault’s Command Center has caused a stir in the cybersecurity community. The product is often deployed at the core of critical infrastructure, and the flaw could hand an attacker control of the entire system if exploited.
Commvault Vulnerability CVE-2025-34028
The vulnerability, tracked as CVE-2025-34028, affects Commvault Command Center versions 11.38.0 through 11.38.19 on both Windows and Linux. The issue is fixed in version 11.38.20, which the company says is pushed to installations automatically, without manual intervention.
The vulnerability was discovered by a researcher at watchTowr, who reported it to Commvault on April 7. In a blog post published this week, watchTowr described the flaw as a “straightforward pre-auth Server-Side Request Forgery (SSRF)” that lacks proper filtering to limit which hosts the software can communicate with. Because no authentication is required, an attacker can make the Command Center server issue requests to internal or external systems of the attacker’s choosing.
watchTowr developed a proof-of-concept (PoC) exploit that demonstrates how an attacker could use the bug to deploy a malicious ZIP file containing a web shell, gaining full remote code execution on the target system.
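The two missing controls the paragraphs above describe, a host filter on the server-side fetch and an inspection of the package before it is deployed, look like this in a generic "fetch a package from a URL and unpack it" endpoint. This is an added example written for this article, not Commvault’s code or watchTowr’s PoC; the allowlist, the function names and the sample archive are all constructed for illustration, and the entry checks are standard archive hardening rather than a description of what Command Center does internally.

```python
"""Added example (not Commvault's or watchTowr's code): hardening checks for an
endpoint that fetches a package from a caller-supplied URL and deploys it.

Hypothetical names: ALLOWED_HOSTS, fetch_url_is_allowed, zip_is_safe_to_deploy,
build_zip. The sample archives are constructed inline for the demonstration.
"""
import io
import ipaddress
import posixpath
import zipfile
from urllib.parse import urlsplit

# Hypothetical allowlist: the only origin this server may fetch packages from.
ALLOWED_HOSTS = {"updates.example.internal"}
ALLOWED_SCHEMES = {"https"}

# Content a static deployment package should never carry (assumed policy).
FORBIDDEN_SUFFIXES = (".jsp", ".jspx", ".war", ".jar", ".sh", ".exe")


def fetch_url_is_allowed(url: str) -> bool:
    """Return True only if the URL targets an allowlisted host over HTTPS.

    A pre-auth SSRF is exactly this check being absent: the caller names any
    host and the server connects to it. Exact-match on the hostname so that
    userinfo tricks (allowed@evil) and suffix tricks (allowed.evil) both fail.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname  # lowercased, brackets and userinfo stripped
    if not host:
        return False
    # Refuse raw IP literals outright: a name allowlist must not be bypassable
    # with 127.0.0.1, a link-local metadata address, or an IPv6 loopback.
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    return host in ALLOWED_HOSTS


def zip_is_safe_to_deploy(data: bytes) -> tuple[bool, str]:
    """Inspect every entry before anything is extracted.

    Rejects entries whose normalised path escapes the extraction directory and
    entries with executable or server-side web content (a web shell dropped
    into a servlet container is the outcome the article describes).
    Returns (ok, reason).
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                norm = posixpath.normpath(name.replace("\\", "/"))
                if norm.startswith("/") or norm == ".." or norm.startswith("../"):
                    return False, f"path escapes extraction dir: {name}"
                if name.lower().endswith(FORBIDDEN_SUFFIXES):
                    return False, f"forbidden content: {name}"
    except zipfile.BadZipFile:
        return False, "not a zip archive"
    return True, "ok"


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Construct an in-memory archive (sample input for the demonstration)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    for url in (
        "https://updates.example.internal/pkg.zip",
        "https://127.0.0.1/pkg.zip",
        "https://updates.example.internal@evil.example/pkg.zip",
    ):
        print(f"{'ALLOW' if fetch_url_is_allowed(url) else 'BLOCK':5} {url}")
    clean = build_zip({"static/app.css": b"body{}"})
    shell = build_zip({"static/app.css": b"", "admin/cmd.jsp": b"<% %>"})
    print(zip_is_safe_to_deploy(clean), zip_is_safe_to_deploy(shell))
```

The hostname check only constrains the name the server will connect to; for a real deployment, resolve the name, reject private or loopback addresses, and pin the resolved address for the actual connection so a DNS answer cannot change it between check and use.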
This marks the second critical vulnerability watchTowr has disclosed in a major data protection product in recent months. In February, the security firm disclosed a separate unauthenticated file-read bug in technology from Nakivo, another prominent backup and recovery software vendor.
Potential Impact
The severity of CVE-2025-34028 is amplified by the nature of Commvault’s products, which are widely deployed in core infrastructure environments. Commvault provides backup, recovery, and cloud storage technologies to more than 100,000 customers worldwide, including major enterprises such as 3M, ADP, Deloitte, ING, Sony, Panasonic, and AstraZeneca.
Conclusion
Given the critical nature of CVE-2025-34028, security professionals are strongly encouraging rapid action: patch affected systems, monitor them for signs of exploitation, and isolate any instance that cannot be patched immediately. Security researchers are also urging organizations to confirm that the update has actually been applied rather than relying on the automatic rollout, and to make sure nothing in their environment is blocking automatic updates.
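Confirming the rollout comes down to checking the installed build against the range the advisory lists. The helper below is an added example for this article, not Commvault tooling: it assumes the version is available as a dotted string such as "11.38.19" (however you obtain it from the install) and encodes only what the page states, affected 11.38.0 through 11.38.19, fixed in 11.38.20.

```python
"""Added example (not Commvault's tooling): classify a Command Center version
string against the affected range for CVE-2025-34028 as given in the advisory.

Assumption: the version is a dotted string like '11.38.19', possibly with a
leading 'v' or a trailing build tag ('11.38.19-hotfix', '11.38.19+1234').
"""

AFFECTED_MIN = (11, 38, 0)   # first affected build (inclusive)
FIXED = (11, 38, 20)         # first fixed build (exclusive upper bound)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '11.38.19', 'v11.38.19' or '11.38.19-hotfix' into (11, 38, 19)."""
    core = text.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(text: str) -> bool:
    """True if the build lies in 11.38.0 <= v < 11.38.20.

    A two-component string ('11.38') is treated as the .0 build, which is the
    conservative choice: it is inside the affected range.
    """
    v = parse_version(text)[:3]
    v = v + (0,) * (3 - len(v))
    return AFFECTED_MIN <= v < FIXED


def status(text: str) -> str:
    """Human-readable verdict for a version string, for a quick fleet report."""
    try:
        return "AFFECTED - patch now" if is_affected(text) else "not in affected range"
    except ValueError as exc:
        return f"unknown ({exc})"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in (("cc-prod-1", "11.38.19"), ("cc-prod-2", "11.38.20"),
                      ("cc-lab", "v11.38.5-hotfix"), ("cc-old", "11.36.12")):
        print(f"{host:10} {ver:16} {status(ver)}")
```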
Source: hxxps[://]labs[.]watchtowr[.]com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
