Warning: Critical RCE vulnerability in Commvault Command Centre, PoC available, Patch immediately!

Published : 24/04/2025

Last update: 24/04/2025

Affected software: Commvault Command Center Innovation Release: 11.38.0 - 11.38.19 on Linux and Windows.

Type: Path Traversal, Remote Code Execution

CVE/CVSS
→ CVE-2025-34028: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H)

Sources

https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html

Risks

Commvault is a centralized platform used by organizations to manage backups and protect critical data across their IT environments. CVE-2025-34028 is a critical vulnerability in Commvault that allows unauthenticated attackers to execute arbitrary code on the server, posing a severe risk. Exploiting this flaw could provide threat actors access to sensitive backup data, control over recovery systems, and visibility into the network, severely compromising confidentiality, integrity, and availability.

A proof of concept has been published, increasing the risk of rapid exploitation in the wild; patching without delay is strongly recommended!

Description

CVE-2025-34028 is a critical path traversal vulnerability that allows an unauthenticated actor to upload ZIP files. When the target server extracts these uploaded files, it could lead to Remote Code Execution, potentially resulting in complete system compromise, data theft, denial of service (DoS), or malware installation.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via:https://ccb.belgium.be/cert/report-incident.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-34028