CVE-2025-34028

CRITICAL KEV NUCLEI

Commvault Command Center Innovation Release <11.38.20 - Path Traversal

Title source: llm

Description

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages; when expanded by the target server, these packages are vulnerable to path traversal, which can result in Remote Code Execution via a malicious JSP. This issue affects Command Center Innovation Release 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436, and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438.

Exploits (5)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/Commvault-CVE-2025-34028.py
nomisec WORKING POC 21 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
nomisec WORKING POC 2 stars
by Mattb709 · remote
https://github.com/Mattb709/CVE-2025-34028-PoC-Commvault-RCE
nomisec SCANNER 1 star
by becrevex · remote
https://github.com/becrevex/Commvault-CVE-2025-34028
nomisec SCANNER
by tinkerlev · infoleak
https://github.com/tinkerlev/commvault-cve2025-34028-check

Nuclei Templates (1)

Commvault - SSRF via /commandcenter/deployWebpackage.do
CRITICAL VERIFIED by DhiyaneshDk, abhishekrautela
FOFA: icon_hash="1209838013"

Scores

CVSS v3 10.0
EPSS 0.6258
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2025-05-02
VulnCheck KEV 2025-04-30
ENISA EUVD EUVD-2025-12275
CWE
CWE-22 CWE-306
Status published
Products (1)
commvault/commvault 11.38.0 - 11.38.20
Published Apr 22, 2025
KEV Added May 02, 2025
Tracked Since Feb 18, 2026