CVE-2025-34028 Scanner

CVE-2025-34028 Scanner - Server-Side Request Forgery vulnerability in Commvault

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 16 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Commvault is a widely used data management platform that provides enterprise-level data protection, backup, recovery, and archiving solutions. It is used by organizations to manage and protect critical data across physical, virtual, and cloud environments. The platform includes features like disaster recovery, data migration, and compliance management. Commvault’s Command Center Innovation Release is a centralized management interface that allows users to control and monitor data protection tasks, making it an essential tool for IT administrators. Commvault's wide adoption makes it a crucial part of many organizations' infrastructure, and its vulnerabilities, if exploited, can have severe consequences.

This vulnerability in Commvault’s Command Center Innovation Release allows unauthenticated attackers to exploit a path traversal flaw through the `/commandcenter/deployWebpackage.do` endpoint. The flaw enables attackers to upload ZIP files, which, when expanded by the target server, can result in remote code execution. This is a critical vulnerability that affects version 11.38 of Commvault, making it highly exploitable. An attacker can use this vulnerability to upload malicious files that could execute arbitrary commands on the server, leading to a complete system compromise.

The vulnerability occurs because the application does not properly validate the contents or paths of ZIP files uploaded through the `/commandcenter/deployWebpackage.do` endpoint. An attacker can craft a request that includes a malicious ZIP file containing a payload that, when unpacked, results in arbitrary code execution on the server. Since the vulnerability can be exploited without authentication, it poses a significant risk to organizations running vulnerable versions of Commvault Command Center. This SSRF vulnerability can lead to further attacks, such as gaining unauthorized access to internal services or data leakage.
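The root cause described above is server-side expansion of an uploaded ZIP without validating the paths of its members. The following Python is an added illustration of the missing check, not Commvault's code and not a reproduction of the actual flaw: every archive entry is resolved against the destination directory, and the whole archive is rejected before a single byte is written if any entry would land outside it. The sample archives, the `safe_extract`/`check_zip` helpers and the `app/...` member names are all constructed for this example.

```python
"""Path-safe ZIP extraction (added example, not vendor code).

Rejects archive members that would be written outside the destination
directory, the class of defect the page attributes to unvalidated ZIP
expansion. All sample archives are constructed in memory.
"""
from __future__ import annotations

import io
import os
import tempfile
import zipfile
from pathlib import Path


class UnsafeZipEntry(ValueError):
    """Raised when a ZIP member would resolve outside the destination."""


def safe_member_path(dest: Path, name: str) -> Path:
    """Map a member name to an absolute path under dest, or raise."""
    base = Path(dest).resolve()
    # Absolute paths and drive letters are rejected outright: joining an
    # absolute component would silently discard `base`.
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        raise UnsafeZipEntry(f"absolute member path: {name!r}")
    target = (base / name).resolve()  # collapses '..' segments and symlinks
    try:
        target.relative_to(base)
    except ValueError:
        raise UnsafeZipEntry(f"member escapes destination: {name!r}") from None
    return target


def safe_extract(zip_bytes: bytes, dest: Path) -> list[Path]:
    """Validate every member first, then extract; returns written file paths.

    Validating the full listing before writing avoids a partial extraction
    in which benign files land before the hostile entry is reached.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = [(info, safe_member_path(dest, info.filename)) for info in zf.infolist()]
        written: list[Path] = []
        for info, target in planned:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(target)
    return written


def check_zip(zip_bytes: bytes, dest: str) -> list[str]:
    """Return the member names that fail validation (empty list means safe)."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            try:
                safe_member_path(Path(dest), name)
            except UnsafeZipEntry:
                bad.append(name)
    return bad


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Construct an in-memory ZIP with arbitrary member names (test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a benign web package and one carrying a traversal entry.
BENIGN_ZIP = build_zip({"app/index.html": b"<html></html>", "app/js/main.js": b"// js"})
TRAVERSAL_ZIP = build_zip({"app/index.html": b"<html></html>", "../../escaped.txt": b"x"})


def try_extract(zip_bytes: bytes) -> tuple[bool, list[str]]:
    """Extract into a fresh temp dir; return (succeeded, files present afterwards)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        try:
            written = safe_extract(zip_bytes, base)
        except UnsafeZipEntry:
            return False, sorted(os.listdir(tmp))  # nothing should have been written
        return True, sorted(p.relative_to(base).as_posix() for p in written)


if __name__ == "__main__":
    print("benign:", check_zip(BENIGN_ZIP, "/srv/webpackages"), try_extract(BENIGN_ZIP))
    print("traversal:", check_zip(TRAVERSAL_ZIP, "/srv/webpackages"), try_extract(TRAVERSAL_ZIP))
```

The check deliberately resolves the joined path rather than string-matching on `..`, so entries such as `app/../index.html` (which stay inside the destination) are accepted while `../../escaped.txt` and absolute names are refused; rejecting the archive as a whole, before any write, is what keeps a hostile member from leaving files behind.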

Exploiting this vulnerability allows an attacker to execute arbitrary code on the Commvault server, which could lead to unauthorized access to sensitive data, full system compromise, and complete control over the affected infrastructure. The attacker could bypass access controls and escalate privileges, allowing them to impact other services or systems within the organization's network. Furthermore, since this attack requires no authentication, it can be exploited by external attackers, making it a high-priority issue for Commvault users. The severity of this vulnerability is critical, and timely remediation is necessary to prevent further exploitation.
