Researcher Says Patched Commvault Bug Still Exploitable
CISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild.
Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.
Commvault ยท Command Center
Known ransomware use: Unknown
Follow the source advisory and validate exposure in your environment.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Recent reporting that mentions CVE-2025-34028.
CISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed