Security News > 2025 > April > Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code execution.

About CVE-2025-34028

CVE-2025-34028 is a path traversal vulnerability affecting Commvault Command Center (Innovation Release) versions from 11.38.0 to 11.38.19, on Windows and Linux. It was unearthed by watchTowr researcher Sonny Macdonald, who discovered an …

The post Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) appeared first on Help Net Security.
Related news
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025-27364)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
- Critical PHP RCE vulnerability mass exploited in new attacks
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability