Which versions of Commvault are affected by CVE-2025-34028?

Organizations using Commvault Command Center Innovation Release face critical risk from CVE-2025-34028, a path traversal vulnerability rated CVSS 9.3.

Is there a public PoC exploit available for CVE-2025-34028?

Yes, a public proof-of-concept exploit is available for CVE-2025-34028. Prioritise patching immediately. EPSS: 63.2%.

How to fix or mitigate CVE-2025-34028?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Review file handling controls and restrict upload directories.

Commvault CVE-2025-34028

Q: What is the CVSS score of CVE-2025-34028?

CVE-2025-34028 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 63.2%.

CRITICAL

Path Traversal (CWE-22)

2025-04-22 disclosure@vulncheck.com

RCE Path Traversal Commvault

9.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

9.3 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:38 vuln.today

Added to CISA KEV

Nov 06, 2025 - 13:57 cisa

CISA KEV

PoC Detected

Nov 06, 2025 - 13:57 vuln.today

Public exploit code

CVE Published

Apr 22, 2025 - 17:16 nvd

CRITICAL 9.3

DescriptionCVE.org

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP.

This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438.

AnalysisAI

Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP file upload handling, enabling malicious JSP deployment on the server.

Technical ContextAI

The CWE-22 path traversal in the ZIP file expansion allows an attacker to upload a crafted ZIP containing JSP files with path traversal sequences. When the server expands the ZIP, the JSP is placed in the web-accessible directory for execution.

RemediationAI

Update Commvault. Scan web directories for unauthorized JSP files. Restrict access to the Command Center. Review backup operations for data exfiltration.

CVE-2025-34028 vulnerability details – vuln.today

Back