Latest Commvault vulnerability: CVE-2025-34028 #

Commvault published a security advisory for a critical security vulnerability found in the Command Center installation.

This vulnerability has been assigned CVE-2025-34028 and has been rated highly critical with a CVSS score of 10.0.

What is the impact? #

This vulnerability is only found within the 11.38 Innovation Release (11.38.0 through 11.38.19). A path traversal vulnerability identified in the Command Center installation allows an unauthenticated attacker to upload ZIP files, which could lead to remote code execution.

Are updates available? #

Commvault has issued a 11.38.20 release that patches the vulnerability.

How do I find potentially vulnerable software with runZero? #

Vulnerable services can be found by navigating to the Services Inventory and using the following query:

_service.last.http.uri:="%commandcenter%" AND _service.protocol:http AND _asset.protocol:http

Written by runZero Team

Great research and development is a team effort! Multiple runZero team members collaborated on this post. Go team!

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Discover the new era of exposure management!