Lucene search
+L

10 matches found

nuclei
nuclei
added 2 days ago59 views

Commvault - SSRF via /commandcenter/deployWebpackage.do

A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. id: CVE-2025-34028 info: name...

10CVSS7.2AI score0.97292EPSS
Exploits5References3
thn
thn
added 2025/05/05 4:1 p.m.29 views

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities KEV catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 CV...

8.7CVSS9.8AI score0.97292EPSS
Exploits5
hackread
hackread
added 2025/04/25 8:33 p.m.25 views

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…...

10CVSS7AI score0.97292EPSS
Exploits5
redhatcve
redhatcve
added 2025/04/25 6:44 p.m.16 views

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

10CVSS9.8AI score0.97292EPSS
Exploits5References1
thn
thn
added 2025/04/24 10:0 a.m.30 views

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been...

10CVSS8.8AI score0.97292EPSS
Exploits5
nvd
nvd
added 2025/04/22 5:16 p.m.23 views

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

10CVSS0.97292EPSS
Exploits5References5
circl
circl
added 2025/04/22 4:59 p.m.13 views

CVE-2025-34028

creationtimestamp| type| source ---|---|--- 2025-04-22 16:59:25+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114382678519185910 2025-04-22 17:03:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12895 2025-04-22 19:48:22+00:00| seen|...

10CVSS7.1AI score0.97292EPSS
In wildExploits5References119
cvelist
cvelist
added 2025/04/22 4:32 p.m.78 views

CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

9.3CVSS0.97292EPSS
Exploits5References4
vulnrichment
vulnrichment
added 2025/04/22 4:32 p.m.16 views

CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...

9.3CVSS9.3AI score0.97292EPSS
Exploits5References4
githubexploit
githubexploit
added 2025/04/17 8:16 a.m.217 views

Exploit for Missing Authentication for Critical Function in Commvault

CVE-2025-34028 A Commvault Pre-Authenticated Remote Code Execu...

10CVSS10AI score0.97292EPSS
Exploits5
Rows per page
Query Builder