CSA Warns Of Commvault Vulnerability (CVE-2025-34028)

The Cyber Security Agency of Singapore (CSA) has warned users about a critical vulnerability affecting the Commvault Command Center. This Commvault vulnerability, identified as CVE-2025-34028, has been rated with a severity score of 10 out of 10 on the Common Vulnerability Scoring System (CVSS v3.1). It allows unauthenticated remote code execution, posing a direct risk to organizations relying on Commvault for data protection and backup operations. 

Details on the Commvault Vulnerability (CVE-2025-34028) 

The vulnerability resides in the Commvault Command Center, specifically versions 11.38.0 to 11.38.19 of the Innovation Release. It affects both Linux and Windows platforms, making it a widespread threat to users across diverse operating systems. The flaw was uncovered by Sonny Macdonald, who discovered that an unauthenticated attacker could exploit this vulnerability to trigger remote code execution (RCE) through a path traversal attack. 

Once successfully exploited, the vulnerability allows attackers to force vulnerable Commvault instances to fetch and unzip a malicious ZIP file from an external server. The attacker can then execute the file, gaining control of the system. This type of attack can potentially compromise the entire Command Center environment, allowing attackers to access, manipulate, or destroy critical data.
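As an added illustration (not code from the advisory, CSA or Commvault) of the defensive check that counters the fetch-and-unzip path-traversal pattern described above: a ZIP extractor that refuses any entry whose resolved path would land outside the destination directory. The archive contents, entry names and function names are constructed for this example and do not reflect the actual Commvault bug.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def safe_extract(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract an in-memory ZIP into dest, rejecting entries that escape it.

    Returns (extracted, rejected) entry names. Each entry is joined to the
    destination, resolved, and must remain at or below the destination root.
    """
    dest_root = Path(dest).resolve()
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Absolute paths and drive prefixes have no place in an archive.
            if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
                rejected.append(name)
                continue
            target = (dest_root / name).resolve()
            # Containment check: target is dest_root itself or a descendant.
            if target != dest_root and dest_root not in target.parents:
                rejected.append(name)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(name)
    return extracted, rejected


def build_sample_zip() -> bytes:
    """Constructed sample: one benign entry and one '../' traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/summary.txt", "benign content")
        zf.writestr("../../outside.txt", "should never be written")
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Run the extractor on the constructed archive in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_sample_zip(), tmp)
```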

Resolution and Fixes 

Commvault has addressed this security flaw, releasing updates to patch the vulnerability. Versions 11.38.20 and 11.38.25, which were both released in early April 2025, contain fixes for CVE-2025-34028.  

For users unable to immediately apply the updates, Commvault recommends isolating the affected Command Center installation from external network access. This precaution can mitigate the risk of attack until the update is successfully deployed. 

A Critical Update for All Users 

The vulnerability, which was flagged by the Cyber Security Agency of Singapore, highlights the importance of staying up-to-date with security patches, especially for enterprise-grade software like Commvault Command Center.  
Organizations relying on older versions of Commvault, specifically those running 11.38.0 to 11.38.19, should immediately prioritize the installation of the new updates. As the vulnerability is now publicly known, attackers may start to exploit the flaw, making it crucial for IT teams to act quickly to protect their systems. 

Conclusion  

Commvault’s acknowledgment of the vulnerability discovered by Sonny Macdonald, along with the collaboration between researchers and software vendors, highlights the importance of proactive cybersecurity measures. The vulnerability affects only specific versions of Commvault Command Center (11.38.0 to 11.38.19), and users are urged to update to versions 11.38.20 or 11.38.25 to protect against potential exploitation.  

The timely warnings from the Cyber Security Agency of Singapore (CSA) and Commvault’s quick response highlight the need for continuous vigilance and system updates to protect against new threats and vulnerabilities. 

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.