A recently disclosed critical vulnerability in Commvault underscores how attractive backup and replication products are to threat actors, given their central role in data management.
The vulnerability was publicly disclosed on April 24 by watchTowr, who reported a path traversal flaw in Commvault Command Center Innovation Release version 11.38 on both Linux and Windows. The Command Center Innovation Release is a web-based management interface that provides a centralized platform for overseeing Commvault data protection and management operations.
Exploiting the flaw allows an unauthorized attacker to upload ZIP files and achieve remote code execution, leading to full compromise of the Command Center environment. The vulnerability carries a CVSS v3.1 score of 10.0 and is tracked as CVE-2025-34028.
To address the issue, Commvault released a fix in Commvault Command Center Innovation Release versions 11.38.20 and above, and customers have been strongly advised to upgrade as soon as possible. Where the patch cannot be installed immediately, customers are urged to isolate the Command Center installation from external network access to reduce exposure.
The vulnerability stems from improper limitation of a pathname to a restricted directory, i.e. a path traversal flaw, in Commvault Command Center Innovation Release version 11.38. According to the disclosure timeline, watchTowr first discovered the vulnerability on April 7 and promptly notified Commvault.
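The flaw class described above, an uploaded ZIP whose member paths are not confined to the intended directory, is what a hardened extraction routine has to guard against. The following Python is an added, generic illustration of that defence and is not Commvault's code or watchTowr's PoC: it normalises each member name, rejects absolute, drive-qualified and `..` entries, confirms containment after symlink resolution, and refuses the whole archive if any member fails. The sample archive and the `/srv/uploads` root are constructed for the example.

```python
import io
import os
import zipfile


def resolve_member(root: str, name: str) -> "str | None":
    """Absolute destination of a ZIP member, or None if it would escape root."""
    # Names should be POSIX-style; hostile archives may smuggle backslashes or
    # drive letters past naive checks on Windows hosts, so normalise first.
    parts = name.replace("\\", "/").split("/")
    if parts[0] == "" or ":" in parts[0] or ".." in parts:
        return None  # absolute, drive-qualified or parent-directory reference
    root_abs = os.path.realpath(root)
    dest = os.path.realpath(os.path.join(root_abs, *parts))
    if os.path.commonpath([root_abs, dest]) != root_abs:  # post-symlink containment
        return None
    return dest


def find_unsafe_members(data: bytes, root: str) -> list:
    """Names of members that would escape root; nothing is written to disk."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if resolve_member(root, i.filename) is None]


def safe_extract(data: bytes, root: str) -> list:
    """Extract into root, refusing the whole archive if any member is unsafe."""
    unsafe = find_unsafe_members(data, root)
    if unsafe:  # all-or-nothing: a hostile archive must not be partially extracted
        raise ValueError(f"refusing archive, unsafe members: {unsafe}")
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            dest = resolve_member(root, info.filename)
            os.makedirs(dest if info.is_dir() else os.path.dirname(dest), exist_ok=True)
            if not info.is_dir():
                with zf.open(info) as src, open(dest, "wb") as dst:
                    dst.write(src.read())
                written.append(dest)
    return written


def build_zip(entries: dict) -> bytes:
    """Constructed in-memory sample archive for testing (not real data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```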
Commvault responded swiftly, releasing a fix on April 10 and publishing a security advisory on April 17. At watchTowr's request, vulnerability intelligence firm VulnCheck, a CVE Numbering Authority (CNA), assigned the identifier CVE-2025-34028 to the vulnerability. watchTowr also shared a proof-of-concept (PoC) exploit for CVE-2025-34028 in its latest report.
Attacks targeting backup and replication solutions have risen in recent times, with notable breaches affecting products such as Veeam and NAKIVO. These incidents underscore a concerning trend of threat actors homing in on crucial data management systems to gain unauthorized access and control.
As organizations navigate the evolving cybersecurity landscape, they must remain vigilant and prioritize the security of their data management solutions. By promptly addressing vulnerabilities and implementing the necessary safeguards, businesses can strengthen their defenses against attackers seeking to exploit critical systems.