CVE-2025-34028: Commvault Command Center Innovation Release Unathenticated Path Traversal
First published: Tue Apr 22 2025(Updated: )
A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38.
Credit: disclosure@vulncheck.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Commvault Command Center |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-34028?
CVE-2025-34028 has a high severity level due to its potential for remote code execution.
How can I fix CVE-2025-34028?
Fix CVE-2025-34028 by applying the latest security patch for Commvault Command Center Innovation Release.
Who is affected by CVE-2025-34028?
CVE-2025-34028 affects users of Commvault Command Center Innovation Release version 11.38.
What types of attacks can CVE-2025-34028 facilitate?
CVE-2025-34028 can facilitate remote code execution attacks by allowing unauthenticated users to upload malicious ZIP files.
What is a path traversal vulnerability in the context of CVE-2025-34028?
In CVE-2025-34028, a path traversal vulnerability enables unauthorized access to sensitive file paths, leading to security breaches.
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/trending
- vendor/commvault
- canonical/commvault command center