10 matches found
Commvault - SSRF via /commandcenter/deployWebpackage.do
A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. id: CVE-2025-34028 info: name...
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities KEV catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 CV...
Critical Commvault Flaw Allows Full System Takeover – Update NOW
Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…...
CVE-2025-34028
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been...
CVE-2025-34028
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...
CVE-2025-34028
creationtimestamp| type| source ---|---|--- 2025-04-22 16:59:25+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114382678519185910 2025-04-22 17:03:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12895 2025-04-22 19:48:22+00:00| seen|...
CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...
CVE-2025-34028 Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...
Exploit for Missing Authentication for Critical Function in Commvault
CVE-2025-34028 A Commvault Pre-Authenticated Remote Code Execu...