@arcticwolf.com
Commvault has issued updated advisories regarding a critical vulnerability, CVE-2025-34028, affecting Commvault Command Center. The flaw allows remote code execution, posing a significant risk to organizations using the platform. Initial patches were released, but Commvault has since clarified that simply running version 11.38.20 or 11.38.25 is not enough to fully remediate the vulnerability: specific updates within those versions are required to close the gap. Commvault issued this clarification on May 7, 2025.

The Cybersecurity and Infrastructure Security Agency (CISA) has added the Commvault Command Center vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This designation underscores the severity of the flaw and the potential for active exploitation, and calls for organizations to apply the necessary updates immediately.

Commvault appears to have resolved the issue where the "Upgrade software" option did not work for unregistered systems. It is now possible to obtain the fixes for CVE-2025-34028 by clicking "Upgrade now," even without being registered with Commvault. However, the "Check updates" button in the "Download or copy software" section is still malfunctioning: it reports systems as "Up-to-date" even when they are not fully patched against CVE-2025-34028. Users must therefore confirm that they have the specific updates within versions 11.38.20 or 11.38.25 named in Commvault's clarified advisory, rather than relying on the version number or the "Check updates" result, to achieve full remediation.

Staying vigilant, monitoring security advisories, and diligently applying patches and updates remain crucial for maintaining a robust security posture and mitigating potential cyber threats.
@documentation.commvault.com
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-34028, has been discovered in Commvault Command Center. The flaw, rated 9.0 out of 10 in severity, allows unauthenticated remote attackers to execute arbitrary code on affected installations. It stems from a path traversal issue that can lead to a complete compromise of the Command Center environment. Commvault acknowledged the flaw in an advisory released on April 17, 2025, highlighting the potential for attackers to gain control of the system without authentication.

Commvault Command Center versions 11.38.0 through 11.38.19 of the 11.38 Innovation Release are affected. The root cause lies in the "deployWebpackage.do" endpoint, which is susceptible to a pre-authenticated Server-Side Request Forgery (SSRF) attack because it does not restrict which hosts it will contact. An attacker can send an HTTP request to the vulnerable endpoint that causes the Commvault instance to retrieve a malicious ZIP file from an external server. Once retrieved, the contents of the ZIP file are unzipped into a temporary directory under the attacker's control.

The vulnerability was discovered and reported by Sonny Macdonald, a researcher at watchTowr Labs, on April 7, 2025. watchTowr published technical details and a proof-of-concept (PoC) exploit on April 24, 2025, increasing the urgency for users to apply the necessary patches. Commvault has addressed the vulnerability in versions 11.38.20 and 11.38.25 and urges all users to upgrade immediately. NIST's National Vulnerability Database last modified its entry for the vulnerability on April 23. watchTowr has also published a Detection Artefact Generator that organizations can use to determine whether their instance is affected.
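The two facts above that a defender can act on directly are the affected version range (with the caveat from the Arctic Wolf summary that 11.38.20 and 11.38.25 still need a specific update that the version number alone does not reveal) and the name of the vulnerable endpoint. The following script is an added example, not code from Commvault, Arctic Wolf or watchTowr: it triages a Command Center build number against the ranges stated on this page and scans web-server access-log lines for requests to deployWebpackage.do so they can be reviewed. The access-log format, the `/commandcenter/` URL prefix, the IP addresses and the sample lines are all constructed for the example and are not taken from any Commvault deployment.

```python
"""Triage helpers for CVE-2025-34028 (added example, not vendor code).

Facts used, all from the summaries above:
  * Affected: Commvault Command Center 11.38.0 through 11.38.19.
  * Fixed in 11.38.20 and 11.38.25, but a specific update within those
    versions is still required; the version number alone is not proof.
  * Vulnerable endpoint: deployWebpackage.do (pre-auth SSRF).
Everything else (log format, URL prefix, sample data) is constructed.
"""
from __future__ import annotations

import re
from typing import Iterable

AFFECTED_MIN = (11, 38, 0)
AFFECTED_MAX = (11, 38, 19)
FIXED_BASES = {(11, 38, 20), (11, 38, 25)}   # still need the specific hotfix
ENDPOINT = "deployWebpackage.do"

# Constructed combined-log-style line format (assumption, not Commvault's format):
# SRC - - [TIMESTAMP] "METHOD PATH PROTO" STATUS BYTES
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.MAINT' (e.g. '11.38.19'); trailing components are ignored."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def classify_version(version: str) -> str:
    """Return one of: 'vulnerable', 'verify-hotfix', 'unlisted'.

    'verify-hotfix' means the build is one of the two fixed versions, but the
    page states that a specific update within it is still required, so the
    operator must confirm it from Commvault's advisory rather than trust the
    version number or the Command Center "Check updates" button.
    """
    v = parse_version(version)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "vulnerable"
    if v in FIXED_BASES:
        return "verify-hotfix"
    # Anything else is simply not named in the advisories summarised above.
    return "unlisted"


def find_endpoint_requests(lines: Iterable[str]) -> list[dict[str, str]]:
    """Return every parsed request whose path targets the vulnerable endpoint.

    Matching is on the path component only (query string stripped) so that
    'deployWebpackage.do?x=1' is caught while unrelated paths are not.
    Unparseable lines are skipped rather than raising.
    """
    hits: list[dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path.lower().endswith("/" + ENDPOINT.lower()):
            hits.append({k: m.group(k) for k in ("src", "ts", "method", "path", "status")})
    return hits


# Constructed sample log; the addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Apr/2025:09:58:11 +0000] "GET /commandcenter/ HTTP/1.1" 200 5120',
    '203.0.113.5 - - [24/Apr/2025:10:01:02 +0000] "POST /commandcenter/deployWebpackage.do HTTP/1.1" 200 42',
    '198.51.100.7 - - [24/Apr/2025:10:02:40 +0000] "GET /commandcenter/login.do HTTP/1.1" 302 0',
    '203.0.113.5 - - [24/Apr/2025:10:03:15 +0000] "GET /commandcenter/deployWebpackage.do?x=1 HTTP/1.1" 500 0',
    'not a log line at all',
]


if __name__ == "__main__":
    for ver in ("11.38.0", "11.38.19", "11.38.20", "11.38.25", "11.36.40"):
        print(f"{ver:>10}: {classify_version(ver)}")
    for hit in find_endpoint_requests(SAMPLE_LOG):
        print(f"review: {hit['src']} {hit['method']} {hit['path']} -> {hit['status']} at {hit['ts']}")
```

A request to the endpoint is not by itself evidence of compromise (legitimate administration may use it), which is why the script reports lines for review rather than raising an alert; a reviewer would correlate the source address and timing with the ZIP retrievals and temporary-directory writes described above. The `verify-hotfix` outcome exists precisely because of the "Check updates" problem noted in the first summary.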