Latest Commvault vulnerability: CVE-2025-34028
Commvault published a security advisory for a critical security vulnerability found in the Command Center installation.
This vulnerability has been assigned CVE-2025-34028 and is rated critical, with a CVSS score of 10.0.
What is the impact?
This vulnerability affects only the 11.38 Innovation Release (11.38.0 through 11.38.19). A path traversal vulnerability in the Command Center installation allows an unauthenticated attacker to upload ZIP files, which could lead to remote code execution.
Are updates available?
Commvault has issued release 11.38.20, which patches the vulnerability.
How do I find potentially vulnerable software with runZero?
Vulnerable services can be found by navigating to the Services Inventory and using the following query:
_service.last.http.uri:="%commandcenter%" AND _service.protocol:http AND _asset.protocol:http
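The query above surfaces Command Center services, but whether a given host is actually in the affected range still depends on its build number. The script below is an added example, not runZero's or Commvault's code: it mirrors the query's filter in plain Python (HTTP services whose last-seen URI contains "commandcenter") and then classifies each service's version against the range the advisory names (11.38.0 through 11.38.19 affected, 11.38.20 fixed). The inventory records, the hostnames and the "11.38.N" version strings are constructed for this example, and the record field names are hypothetical rather than runZero's export schema.

```python
"""Triage helper for CVE-2025-34028 (added example, not runZero's or Commvault's code).

Keeps only HTTP services whose last-seen URI mentions the Command Center, then
classifies each one against the affected range from the advisory:
11.38.0 through 11.38.19 affected, 11.38.20 and later patched.

Assumptions: the inventory records and the "11.38.N" version strings below are
constructed; the field names are hypothetical, not a real export schema.
"""
from dataclasses import dataclass
from typing import Optional

AFFECTED_MIN = (11, 38, 0)
AFFECTED_MAX = (11, 38, 19)
FIXED = (11, 38, 20)


@dataclass
class Service:
    address: str
    protocol: str
    uri: str
    version: Optional[str]  # None when the service did not reveal a build number


def parse_version(text):
    """Turn '11.38.19' into (11, 38, 19); return None unless it is three integers."""
    if text is None:
        return None
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_command_center(svc):
    """Plain-Python stand-in for the runZero query's URI and protocol filter."""
    return svc.protocol == "http" and "commandcenter" in svc.uri.lower()


def classify(version_text):
    """Return 'affected', 'patched', 'other-release' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # no usable build number: confirm manually rather than assume safe
    if v[:2] != (11, 38):
        return "other-release"  # the advisory scopes this bug to the 11.38 Innovation Release
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    return "patched"  # 11.38.20 and later


def triage(services):
    """Map address -> classification for every Command Center service in the inventory."""
    return {svc.address: classify(svc.version) for svc in services if is_command_center(svc)}


# Constructed sample inventory (not real hosts)
SAMPLE = [
    Service("10.0.0.11", "http", "/commandcenter/", "11.38.19"),
    Service("10.0.0.12", "http", "/commandcenter/login", "11.38.20"),
    Service("10.0.0.13", "http", "/CommandCenter/", "11.36.5"),
    Service("10.0.0.14", "http", "/commandcenter/", None),
    Service("10.0.0.15", "http", "/webconsole/", "11.38.3"),   # URI does not match, dropped
    Service("10.0.0.16", "ssh", "commandcenter", "11.38.3"),   # not HTTP, dropped
]

if __name__ == "__main__":
    for addr, status in sorted(triage(SAMPLE).items()):
        print(f"{addr:<12} {status}")
```

Services that come back "unknown" are the ones worth a manual check: the query proves only that a Command Center is exposed, not which build it runs, so treat a missing version as unresolved rather than as patched.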