Path traversal vulnerability in Commvault Command Center Innovation Release (CVE-2025-34028)
CVE number = CVE-2025-34028
A critical security vulnerability has been identified in the Commvault Command Center installation, allowing remote attackers to execute arbitrary code without authentication.
This vulnerability could lead to a complete compromise of the Commvault Command Center environment.
Fortunately, other installations within the same system are not affected by this vulnerability.
This vulnerability impacts only the 11.38 Innovation Release and has been resolved in the following Innovation Update releases. All other versions are not affected.
- 11.38.20, which includes the fix as of April 10, 2025
- 11.38.25, which includes the fix as of April 10, 2025
Innovation releases are automatically managed according to predefined schedules, so manual intervention is not required.
If installing the update is not feasible, then isolate the Command Center installation from external network access.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.