CVE-2025-34028

Warnung

Medienbericht

Exploit

EPSS 57.96%
Veröffentlicht 22.04.2025 16:32:23
Zuletzt bearbeitet 06.11.2025 13:57:56
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP.





This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 2 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Commvault ≫ Commvault Version >= 11.38.0 < 11.38.20

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

02.05.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Commvault Command Center Path Traversal Vulnerability

Schwachstelle

Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	57.96%	0.982

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.heise.de/news/Backupsoftware-Commvault-Weitere-Luecke-angegriffen-Patch-offenbar-unwirksam-10374380.html

Medienbericht

heise Security

09.08.2025 11:36

https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html

Vendor Advisory

https://github.com/watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028

Exploit

https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34028

US Government Resource