External risk intelligence

Commvault Command Center Path Traversal Leads to Code Execution.

CVE advisoryKnown Exploit

CVE-2025-34028

An unauthenticated actor can exploit a path traversal vulnerability in Commvault Command Center, potentially leading to remote code execution. This impacts organizations' systems, data, and business operations by allowing unauthorized control.

4Halo Surface Signal

Path Traversal

Commvault

11.38.0 to before 11.38.20

External exposure likelihood

Halo Surface Signal score for CVE-2025-34028

The Commvault Command Center is a centralized web-based management platform designed for administrative oversight. Such interfaces are commonly deployed in reachable network segments, acting as gateways for data management and system control, which makes them frequently exposed to network access in enterprise environments.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

The Commvault Command Center's Innovation Release is susceptible to a path traversal vulnerability. This flaw enables unauthenticated actors to upload ZIP files that, when processed by the server, can lead to unauthorized code execution. The impact of such an exploit could compromise system integrity and lead to significant business disruption.

  • Vulnerable Commvault Command Center
  • Unrestricted ZIP file processing
  • Remote code execution on servers

Attack Path

How an attacker could exploit the issue

An unauthenticated actor can exploit a path traversal vulnerability in the Commvault Command Center. This allows an attacker to upload a malicious ZIP file disguised as an install package. When the target server expands this ZIP file, it can lead to remote code execution through a malicious JSP file. This attack could compromise the integrity and confidentiality of the affected systems.

  • Exposure through Commvault Command Center.
  • Attacker uploads a malicious ZIP file.
  • Server expands ZIP, enabling remote code execution.

Live Threat

Current exploitation, exposure, and threat context

The Commvault Command Center Innovation Release is susceptible to a critical vulnerability that could allow for remote code execution. An unauthenticated actor could exploit this by uploading a malicious ZIP file, which, when processed by the target server, could lead to unauthorized code execution. This poses a significant risk to the integrity and security of the affected systems. Organizations should consider this a high-priority threat due to its potential for severe impact and the ease of exploitation.

  • Likely attacker skill level: Low.
  • Required access or conditions: Unauthenticated network access.
  • Business risk or urgency: Critical, potential for code execution.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The Commvault Command Center Innovation Release is impacted by a critical vulnerability that allows unauthenticated actors to execute remote code. This occurs when a specially crafted ZIP file, representing an install package, is uploaded. When the target server expands this package, a path traversal vulnerability can be exploited to execute malicious code. This could lead to unauthorized access and control over affected systems.

  • Identify Commvault Command Center assets.
  • Restrict access to Command Center.
  • Apply vendor updates and validate.
  • Monitor for suspicious activity.

Frequently asked questions

What is the Commvault Command Center Innovation Release and its function?

The Commvault Command Center Innovation Release is a centralized, web-based platform designed for managing and overseeing Commvault data protection and management operations. It provides a unified interface for administrators to control various aspects of backup, recovery, and data security within an organization's infrastructure.

What type of weakness does CVE-2025-34028 describe?

CVE-2025-34028 describes a path traversal weakness (CWE-22). This vulnerability allows an attacker to bypass security restrictions by manipulating file paths, enabling them to access or modify files and directories outside of their intended scope within the Commvault Command Center.

How can an attacker exploit CVE-2025-34028 within the Commvault Command Center?

An unauthenticated actor can exploit this vulnerability by uploading a malicious ZIP file disguised as an install package. When the target server expands this ZIP file, it can lead to remote code execution through a malicious JSP file due to the path traversal flaw.

What is the significance of CVE-2025-34028 according to the Halo Surface Signal?

The Halo Surface Signal indicates a score of 4, labeling the vulnerability as 'Likely'. This is because the Commvault Command Center is a centralized web-based management platform often deployed in network-accessible segments, acting as a gateway for data management and system control, thus increasing its exposure.

What steps should be taken to address the vulnerability in Commvault Command Center?

Organizations should identify their Commvault Command Center assets, restrict access to the Command Center, and promptly apply vendor updates. It is also crucial to validate the successful application of patches and monitor for any suspicious activity to ensure system security.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified