If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code execution. About CVE-2025-34028 CVE-2025-34028 is a path traversal vulnerability affecting Commvault Command Center (Innovation Release) versions from 11.38.0 to 11.38.19, on Windows and Linux. It was unearthed by watchTowr researcher Sonny Macdonald, who discovered an … More

The post Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) appeared first on Help Net Security.