Commvault

In April 2025, researchers disclosed a critical path traversal vulnerability, CVE-2025-34028, in the Commvault Command Center Innovation Release, affecting versions 11.38.0 through 11.38.19. An unauthenticated attacker can make the server fetch a ZIP archive from a remote host under the attacker's control (a server-side request forgery) and unpack it. Because the archive's entry paths are not confined to the intended extraction directory, the extracted contents land where the attacker chooses, and a shell dropped this way runs with the privileges of the backup management server. The outcome is unauthenticated remote code execution, and a public proof of concept was available at the time of disclosure.

Because the Command Center manages backups, successful exploitation gives the attacker access to backup data, the ability to tamper with or delete critical recovery sets, and a platform from which to deploy additional malware to protected endpoints or move laterally to other internal systems. For organizations running these on-premises systems the practical consequences are exfiltration of the corporate and customer data held in backups, loss of a trustworthy restore path during disaster recovery, a persistent foothold that can outlive incident cleanup, and the financial and reputational damage that follows from an eroded data protection mechanism.

Commvault fixed the issue in version 11.38.20 and later. Instances still on 11.38.0 through 11.38.19 remain exposed to significant security and compliance risk until they are updated. Since the exploit depends on the server itself fetching the archive, unexpected outbound connections from a Command Center host to external addresses are worth treating as suspicious while unpatched systems remain.
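The flaw class described above, where an archive fetched by the server is unpacked without confining its entry names to the destination directory, is easy to reproduce in isolation. The example below is added for this page and is not Commvault's code: the vulnerable endpoint, parameter names and real extraction routine are not given here, so the archive contents, the extraction directory `/srv/app/uploads` and the `webroot/shell.jsp` target are constructed assumptions. It shows the unsafe join that lets an entry escape the root, the containment check that rejects it, and a version-range test for the builds named on this page.

```python
"""Added example: archive path traversal (the class behind CVE-2025-34028).

Not Commvault's implementation. The ZIP entries, the extraction directory and
the web-root filename below are constructed for illustration.
"""
import io
import posixpath
import zipfile

# Constructed sample entries: one benign file and one whose name climbs out
# of the extraction root. The target path is hypothetical.
MALICIOUS_ENTRIES = {
    "report.txt": "benign content",
    "../../webroot/shell.jsp": "<% /* attacker-controlled payload */ %>",
}


def build_zip(entries: dict[str, str]) -> bytes:
    """Build an in-memory ZIP from {entry name: body}. zipfile keeps the entry
    names verbatim on write, so '..' components and leading slashes survive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


def unsafe_targets(zip_bytes: bytes, dest: str) -> list[str]:
    """Vulnerable pattern: join each entry name onto dest with no validation.
    Returns the paths an extractor written this way would create."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [posixpath.normpath(posixpath.join(dest, n)) for n in zf.namelist()]


def safe_targets(zip_bytes: bytes, dest: str) -> list[str]:
    """Hardened pattern: reject absolute names, then normalise the joined path
    and require it to stay under dest. Raises ValueError on the first escaping
    entry so nothing from a hostile archive is written.

    For an on-disk extractor also resolve symlinks (os.path.realpath) after
    each write: an archive can plant a symlink and then write through it,
    which pure string normalisation does not catch."""
    root = posixpath.normpath(dest)
    targets = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if posixpath.isabs(name) or name.startswith("\\") or ":" in name:
                raise ValueError(f"absolute path in archive entry: {name!r}")
            target = posixpath.normpath(posixpath.join(root, name))
            if posixpath.commonpath([root, target]) != root:
                raise ValueError(f"path traversal in archive entry: {name!r}")
            targets.append(target)
    return targets


def archive_is_safe(zip_bytes: bytes, dest: str) -> bool:
    """True if every entry would be written under dest, False otherwise."""
    try:
        safe_targets(zip_bytes, dest)
    except ValueError:
        return False
    return True


def classify_version(version: str) -> str:
    """Classify a Command Center build against the range given on this page:
    11.38.0 through 11.38.19 affected, 11.38.20 and later fixed. Other branches
    are 'out of scope' because the page makes no claim about them."""
    major, minor, patch = (int(p) for p in version.split(".")[:3])
    if (major, minor) != (11, 38):
        return "out of scope"
    return "affected" if patch <= 19 else "fixed"


if __name__ == "__main__":
    dest = "/srv/app/uploads"  # hypothetical extraction directory
    blob = build_zip(MALICIOUS_ENTRIES)
    print("unsafe extractor would write:", unsafe_targets(blob, dest))
    try:
        safe_targets(blob, dest)
    except ValueError as exc:
        print("safe extractor rejected archive:", exc)
    for v in ("11.38.7", "11.38.20", "11.36.40"):
        print(v, "->", classify_version(v))
```

The unsafe variant computes `/srv/webroot/shell.jsp` for the second entry, which is exactly how a file meant for an upload directory ends up in a location the application server will execute. Python's own `ZipFile.extractall` already strips `..` components and leading slashes on extraction; the explicit check is what an extractor must do when it builds destination paths itself or uses a library that does not sanitise them.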

Source: https://www.helpnetsecurity.com/2025/04/24/critical-commvault-rce-vulnerability-fixed-poc-available-cve-2025-34028/

TPRM report: https://scoringcyber.rankiteo.com/company/commvault

"id": "com743042525",
"linkid": "commvault",
"type": "Vulnerability",
"date": "4/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Data Management and Backup Solutions',
                        'name': 'Commvault',
                        'type': 'Software Provider'}],
 'attack_vector': 'Server-side request forgery',
 'data_breach': {'type_of_data_compromised': ['backup data',
                                              'sensitive corporate and '
                                              'customer information']},
 'date_detected': 'April 2025',
 'description': 'A critical path traversal vulnerability (CVE-2025-34028) in '
                'Commvault Command Center Innovation Release (versions 11.38.0 '
                'to 11.38.19) allows unauthenticated attackers to trigger a '
                'server-side request forgery that fetches and unpacks a '
                'malicious ZIP archive from a remote host, installing a '
                'reverse shell and granting full remote code execution '
                'privileges on the backup management server.',
 'impact': {'brand_reputation_impact': 'Erosion of trust in data protection '
                                       'mechanisms',
            'data_compromised': ['backup data',
                                 'sensitive corporate and customer '
                                 'information'],
            'operational_impact': 'Severe operational disruption',
            'systems_affected': ['backup management server']},
 'motivation': ['Unauthorized access to backup data',
                'Tampering or deletion of critical recovery sets',
                'Deployment of additional malware',
                'Exfiltration of sensitive information',
                'Undermining disaster recovery processes',
                'Lateral movements to other internal assets'],
 'recommendations': ['Update to the latest patched version'],
 'response': {'remediation_measures': ['Patch available in versions 11.38.20 '
                                       'and later']},
 'title': 'Commvault Command Center Path Traversal Vulnerability',
 'type': 'Path Traversal Vulnerability',
 'vulnerability_exploited': 'CVE-2025-34028'}