Commvault Command Center Innovation Release 11.38 Remote Code Execution

Remote code execution exploit for Commvault Command Center version 11.38. Written in Python. This tool allows testing single targets or scanning multiple hosts in bulk...

Exploit for Missing Authentication for Critical Function in Commvault

CVE-2025-34028 - Commvault Command Center Remote Code Executio...

Commvault Command Center Path Traversal Vulnerability

Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code...

VulnCheck KEV: CVE-2025-34028

Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code...

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

Commvault Command Center 11.38 < 11.38.20 RCE (CV_2025_04_1)

An arbitrary code execution vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. Note that Nessus has not tested for this issue but has instead relied only on t...

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been...

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

CVE-2025-34028

CVE-2025-34028 affects Commvault Command Center Innovation Release (11.38.0–11.38.20); it is a path-traversal vulnerability allowing an unauthenticated actor to upload ZIP install packages that, when expanded, enable Remote Code Execution. Root cause: ZIPs containing crafted payloads trigger path...

CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

PT-2025-17556

Name of the Vulnerable Software and Affected Versions Commvault Command Center Innovation Release versions 11.38.0 through 11.38.19 Description A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded b...