AI description
CVE-2025-34028 is a vulnerability in Commvault Command Center Innovation Release that allows an unauthenticated attacker to upload ZIP files. This path traversal vulnerability can lead to remote code execution when the server expands these files. The vulnerability affects Command Center Innovation Release versions 11.38.0 through 11.38.19 and has been patched in version 11.38.20. The vulnerability exists in the "deployWebpackage.do" and "deployServiceCommcell.do" endpoints, which are excluded from authentication requirements. An attacker can exploit this by sending an HTTP request to these endpoints, triggering a Server-Side Request Forgery (SSRF) vulnerability. This allows the attacker to force the Commvault server to download a ZIP file from an external server, use path traversal to place files in restricted directories, and ultimately execute malicious code via the web interface.
- Description
- A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
- Severity
- CRITICAL
- Source
- disclosure@vulncheck.com
- Weakness
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 20
Bulletin: CVE-2025-34028 affects Commvault Command Center (v11.38.0–11.38.19). Unauthenticated RCE via path traversal in a vulnerable endpoint. PoCs exist. Immediate patching to 11.38.20+ is recommended. #ThreatIntel #RedLeggCTI #Commvault https://t.co/HukD7fx0zU
@RedLegg
24 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE vulnerability (CVE-2025-34028) found in Commvault Command Center! Unauthenticated attackers can execute arbitrary code. Patch ASAP! ⚠️ Use Sigma rules on SOC Prime Platform to detect exploitation attempts. #Cybersecurity #RCE https://t.co/mufizkhNMZ
@fernandokarl
24 Apr 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34028: Critical RCE in Commvault Command Center (v11.38.0–11.38.19) via SSRF. No auth required. Patch immediately to v11.38.20 or later. #CyberSecurity #VulnerabilityManagement #Commvault #RCE #Infosec #SecurityUpdate https://t.co/xjzdQ8GOWx
@CloneSystemsInc
24 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical #Commvault RCE #vulnerability fixed, PoC available (#CVE-2025-34028) https://t.co/xugqr91B0r
@ScyScan
24 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw (CVE-2025-34028) in Commvault Command Center allows remote code execution without authentication. Versions 11.38.0 - 11.38.19 are affected. Update to 11.38.20 or 11.38.25! 🚨 #Commvault #InfoSec #USA link: https://t.co/aKsxudbYWo https://t.co/LG2roWAANZ
@TweetThreatNews
24 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) - watchTowr Labs https://t.co/nh4CZbi1d7 https://t.co/WAHgaO2pvh
@secharvesterx
24 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 A critical security vulnerability has been disclosed in the Commvault Command Center, allowing attackers to execute code remotely. The vulnerability, designated CVE-2025-34028, carries a CVSS score of 9.0 out of 10.0, making it a major security threat. #CyberSecurity https://t.co/rpb3O91RzE
@Cybercachear
24 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We're back! This time, we're analyzing CVE-2025-34028 - a pre-auth Remote Code Execution vulnerability we discovered in Commvault - yet another enterprise-grade Backup and Replication solution. https://t.co/yJa0bmYdF1
@watchtowrcyber
24 Apr 2025
7486 Impressions
55 Retweets
128 Likes
29 Bookmarks
3 Replies
2 Quotes
🚨 CVE-2025-34028 ⚠️🔴 CRITICAL (10) 🏢 Commvault - Command Center Innovation Release 🏗️ 11.38 🔗 https://t.co/LjftS5lDZD #CyberCron #VulnAlert #InfoSec https://t.co/BFKWzSI9fK
@cybercronai
24 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE number: CVE-2025-34028. The URL with details is here: https://t.co/eKBYZIXiDB
@SMBC_cyberfront
24 Apr 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Critical RCE Flaw in Commvault Command Center 📅 Timeline: Disclosure: 2025-04-22, Patch: 2025-04-10 📌 Attribution: watchTowr 🆔 CVEID: [CVE-2025-34028](https://t.co/9FCaazZL7Z) 📊 BaseScore: 10.0 📏 CVSSMetrics:
@syedaquib77
24 Apr 2025
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34028 Path Traversal in Commvault Command Center 11.38 Leads to Unauthenticated RCE https://t.co/nlpyxhmPbN
@VulmonFeeds
23 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes