Summary

Vulnerability Name: Commvault Remote Code Execution (CVE-2025-34028)
Released on: April 25, 2025
Affected Component: Commvault WebServer
Affected Version: 11.38.0 ≤ Commvault < 11.38.20
Vulnerability Type: Remote code execution
Exploitation Condition:
  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.
Impact:

Exploitation difficulty: easy. Attackers can exploit this vulnerability to execute arbitrary code without authorization.

Severity: critical. This vulnerability may result in remote code execution.

Official Solution: Available

About the Vulnerability

Component Introduction

Commvault WebServer, developed by Commvault, is a type of network server software known for its efficiency, security, and stability. It can provide users with reliable data backup, restoration, and archiving services. Commvault WebServer supports various operating systems and databases, and can seamlessly integrate with other Commvault products, offering users comprehensive data management solutions. In addition, it provides flexible management and monitoring capabilities, and can help users manage data more efficiently.

Vulnerability Description

On April 25, 2025, Sangfor FarSight Labs received notification of the remote code execution vulnerability in Commvault WebServer (CVE-2025-34028), classified as critical in threat level.

Specifically, Commvault contains a remote code execution vulnerability that results from path traversal. Unauthorized attackers can exploit this vulnerability to upload malicious ZIP files to the server through path traversal. The malicious files are then parsed, which triggers the execution of arbitrary code and leads to server compromise.

The proof-of-concept (PoC) and exploit code for this vulnerability have been publicly disclosed on the Internet.

Affected Versions

The following Commvault versions are affected:

11.38.0 ≤ Commvault < 11.38.20
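
An added example (not from Sangfor or Commvault): a Python triage of an asset inventory against the affected range stated above. Host names and version strings are constructed, and the three-part version format is an assumption; versions are compared numerically because a string comparison would sort 11.38.5 after 11.38.20 and wrongly clear it.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Range stated in this advisory: 11.38.0 <= version < 11.38.20
FIRST_AFFECTED = (11, 38, 0)
FIRST_FIXED = (11, 38, 20)

# Assumption: versions are reported as three dot-separated integers.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


class Finding(NamedTuple):
    host: str
    version: str
    status: str  # "affected", "not_affected" or "unknown"


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) as integers, or None if unparseable."""
    match = _VERSION_RE.match(text or "")
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def classify(version: str) -> str:
    """Place a version string relative to the advisory's affected range."""
    parsed = parse_version(version)
    if parsed is None:
        # Truncated or missing versions cannot be cleared; flag for review.
        return "unknown"
    # Tuple comparison is numeric, so 11.38.5 < 11.38.20 (unlike strings).
    return "affected" if FIRST_AFFECTED <= parsed < FIRST_FIXED else "not_affected"


def triage(inventory: List[Tuple[str, str]]) -> List[Finding]:
    """Classify every host; affected first, then unknown, then the rest."""
    order = {"affected": 0, "unknown": 1, "not_affected": 2}
    findings = [Finding(host, ver, classify(ver)) for host, ver in inventory]
    return sorted(findings, key=lambda f: (order[f.status], f.host))


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("backup-01", "11.38.5"), ("backup-02", "11.38.20"),
    ("backup-03", "11.36.50"), ("backup-04", "11.38"),
    ("backup-05", "11.38.0"), ("backup-06", ""),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding.status:13} {finding.host} {finding.version or '(none)'}")
```

Hosts reported as "unknown" have a version string that cannot be placed in the range and need a manual check before they are treated as patched.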

Solutions

Remediation Solutions

Official Solution

The latest version has been officially released to fix the vulnerability. Affected users are advised to update the Commvault version to 11.38.20 or later.

Download link:

https://documentation.commvault.com/11.38/essential/list_of_innovation_update_releases_in_11_38.html

Sangfor Solutions

Risky Asset Discovery

The following Sangfor products can conduct proactive detection on Commvault WebServer to discover affected assets in batches in business scenarios:

Sangfor Host Security: The corresponding asset discovery solution has been released. The fingerprint ID is 0021524.

Sangfor TSS: The corresponding asset discovery solution has been released. The fingerprint ID is 0021524.

Vulnerability Detection

The following Sangfor products can proactively detect CVE-2025-34028 vulnerabilities and quickly identify vulnerability risks in batches in business scenarios:

Sangfor Host Security: The corresponding detection solution will be released on April 27, 2025. The rule ID is SF-2025-00368.

Sangfor TSS: The corresponding detection solution will be released on April 28, 2025. The rule ID is SF-2025-00990.

Sangfor Cyber Guardian Platform: The corresponding detection solution will be released on April 28, 2025. The rule ID is SF-2025-00990. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Sangfor TSS.

Sangfor XDR: The corresponding detection solution will be released on April 27, 2025. The rule ID is SF-2025-00368. In this case, make sure that Sangfor XDR is integrated with Sangfor Host Security.

Vulnerability Monitoring

The following Sangfor products support CVE-2025-34028 vulnerability monitoring, and can quickly identify affected assets and the impact scope in business scenarios in real time through traffic collection:

Cyber Command: The corresponding monitoring solution will be released on May 06, 2025. The rule ID is 11027495.

Sangfor Cyber Guardian Platform: The corresponding monitoring solution will be released on May 06, 2025. The rule ID is 11027495. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Cyber Command.

Sangfor XDR: The corresponding monitoring solution will be released on May 06, 2025. The rule ID is 11027495.

Vulnerability Prevention

The following Sangfor products can effectively block CVE-2025-34028 exploits:

Network Secure: The corresponding prevention solution will be released on May 06, 2025. The rule ID is 11027495.

Sangfor Web Application Firewall: The corresponding prevention solution will be released on May 06, 2025. The rule ID is 11027495.

Sangfor Cyber Guardian Platform: The corresponding prevention solution will be released on May 06, 2025. The rule ID is 11027495. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Network Secure.

Sangfor XDR: The corresponding prevention solution will be released on May 06, 2025. The rule ID is 11027495. In this case, make sure that Sangfor XDR is integrated with Network Secure.

Timeline

On April 25, 2025, Sangfor FarSight Labs received notification of the remote code execution vulnerability in Commvault (CVE-2025-34028).

On April 25, 2025, Sangfor FarSight Labs released a vulnerability alert.

References

  1. https://nvd.nist.gov/vuln/detail/CVE-2025-34028
  2. https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html?ref=labs.watchtowr.com

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
