Friday, May 2, 2025

Commvault RCE Vulnerability Exploited—PoC Released


Enterprises and managed service providers globally are now facing urgent security concerns following the disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in Commvault’s on-premise backup and recovery software.

The issue, tracked as CVE-2025-34028, has rocked the cybersecurity world, particularly after researchers published a fully working proof-of-concept (PoC) exploit.

With attackers actively probing for targets, organizations are being advised to act swiftly.


Commvault is recognized as a leading enterprise-grade solution for backup, recovery, and data resilience.

As businesses increasingly depend on such tools to defend against ransomware and data loss, their security is more crucial than ever. The recently discovered flaw compromises this very trust.

Researchers from watchTowr Labs, who previously analyzed similar products from vendors like Veeam and NAKIVO, unearthed CVE-2025-34028 in Commvault’s Windows on-premise software (Innovation Release 11.38.20).

Their detailed analysis likened the vulnerability hunt to a cinematic heist, emphasizing the high stakes involved when backup systems themselves become targets—rendering “restore from backup” an unviable defense against ransomware if the backups are tainted.

Exploitation Details (CVE-2025-34028): From SSRF to RCE

The vulnerability resides in a pre-authenticated API endpoint, /commandcenter/deployWebpackage.do, designed for internal package deployments.

The endpoint accepts three parameters (commcellName, servicePack, version) and requires no authentication. Because commcellName is used as the host the server connects to, an external caller can make the Commvault server issue requests to an arbitrary host, a classic Server-Side Request Forgery (SSRF). Because servicePack is used unsanitized when building a filesystem path, the same caller can also steer where the fetched content is written through directory traversal.

Attackers can leverage the flaw to:

  • Make the Commvault server fetch and write arbitrary data from attacker-controlled hosts.
  • Use crafted paths to drop files in sensitive directories.
  • Ultimately, deploy a malicious zip archive containing webshells or other executable code, achieving remote code execution in the context of the account running the Command Center service.

The researchers confirmed that, by chaining the SSRF with the unsanitized path, arbitrary JavaServer Pages (JSP) files could be written into a web-served directory and executed on the server, a complete compromise.
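To make the two primitives concrete, the following is a constructed Python model, added for this page and not Commvault’s code, of an endpoint that builds an outbound URL from commcellName and a staging path from servicePack and version with no checks, placed beside a hardened version that allowlists the host, restricts both path components to plain version tokens, and verifies that the normalized destination still lies under the staging root. The staging directory, the URL layout and the allowlist are assumptions for illustration.

```python
"""Constructed illustration of the parameter handling that produces the
SSRF-plus-traversal chain described above, beside a hardened version.
Example code written for this page, not Commvault's implementation."""
import ntpath
import re

# Hypothetical staging directory; the real on-disk layout is not given on the page.
STAGING_ROOT = r"C:\Commvault\CommandCenter\staging"
# Constructed allowlist of CommServe hosts this server may legitimately contact.
ALLOWED_COMMCELLS = frozenset({"commcell01.corp.example"})

# Plain version token: alphanumerics, with single '.', '_' or '-' separators.
# '..' can never match because every separator must be followed by an alnum.
_TOKEN = re.compile(r"[A-Za-z0-9]+(?:[._-][A-Za-z0-9]+)*")


def vulnerable_targets(commcell_name, service_pack, version):
    """Model of the flaw: each parameter flows straight into an outbound
    URL (SSRF via commcellName) and a local path (traversal via servicePack)."""
    url = f"https://{commcell_name}/commandcenter/{service_pack}/{version}/package.zip"
    dest = ntpath.join(STAGING_ROOT, service_pack, version)  # no normalization, no containment
    return url, dest


def is_contained(candidate):
    """True if STAGING_ROOT joined with `candidate` still resolves under the root."""
    root = ntpath.normpath(STAGING_ROOT)
    dest = ntpath.normpath(ntpath.join(root, candidate))
    return ntpath.commonpath([root, dest]) == root


def hardened_targets(commcell_name, service_pack, version, allowed=ALLOWED_COMMCELLS):
    """Hardened form: allowlisted host, strict tokens, then a containment check."""
    # 1. SSRF: the host must be an exact, case-insensitive allowlist entry.
    host = commcell_name.strip().lower()
    if host not in allowed:
        raise ValueError(f"commcellName not in allowlist: {commcell_name!r}")
    # 2. Traversal: both path components must be plain tokens (no '..', '/', '\\').
    for name, value in (("servicePack", service_pack), ("version", version)):
        if not _TOKEN.fullmatch(value):
            raise ValueError(f"{name} is not a valid token: {value!r}")
    # 3. Defense in depth: even a valid-looking token must stay under the root.
    rel = ntpath.join(service_pack, version)
    if not is_contained(rel):
        raise ValueError(f"destination escapes staging root: {rel!r}")
    url = f"https://{host}/commandcenter/{service_pack}/{version}/package.zip"
    return url, ntpath.normpath(ntpath.join(STAGING_ROOT, rel))


def reject_reason(commcell_name, service_pack, version, allowed=ALLOWED_COMMCELLS):
    """Empty string if the request passes the hardened checks, else why not."""
    try:
        hardened_targets(commcell_name, service_pack, version, allowed)
    except ValueError as exc:
        return str(exc)
    return ""


if __name__ == "__main__":
    # Attacker-controlled host plus a backslash traversal in servicePack.
    print(vulnerable_targets("attacker.example", r"..\..\webapps\ROOT", "x"))
    print(reject_reason("attacker.example", "SP40", "11"))
    print(reject_reason("commcell01.corp.example", r"..\..\webapps\ROOT", "11"))
    print(reject_reason("commcell01.corp.example", "SP40", "11") or "accepted")
```

The checks run on values the web framework has already URL-decoded, so a simple denylist of the literal string `..` would be the wrong place to stop: the token allowlist in step 2 rejects anything that is not a version-looking string, and the containment check in step 3 is deliberately redundant so that a later loosening of the token pattern cannot silently reopen the traversal.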

Proof-of-Concept Published, Exploitation Underway

A fully weaponized PoC is now public, dramatically lowering the barrier for attackers. Security teams have already observed scanning and exploitation attempts in the wild.

The criticality of CVE-2025-34028 cannot be overstated: If left unpatched, attackers can seize control of backup servers, steal credentials, exfiltrate sensitive archives, or launch ransomware attacks that disable recovery options.

Urgent Recommendations

  • Patch Immediately: Commvault has issued security updates; all installations should be upgraded without delay.
  • Monitor for Indicators: Organizations should look for requests to /commandcenter/deployWebpackage.do carrying traversal sequences (plain or percent-encoded) in the servicePack parameter, new JSP or other files appearing in the Command Center’s web directories, and unexpected outbound connections from the Commvault server to hosts that are not known CommServes.
  • Restrict Public Access: Where feasible, ensure backup management interfaces are not exposed to the internet, and limit the server’s outbound connections to known hosts so that an SSRF cannot reach attacker infrastructure.
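The monitoring recommendation above can be turned into a small log check. The following is an added example written for this page, not a vendor-supplied rule: it parses web-server access-log lines in the common format Tomcat’s AccessLogValve can emit (the format, the use of GET, and the sample lines are all constructed assumptions), fully URL-decodes the query parameters so double-encoded payloads are not missed, and flags any hit on deployWebpackage.do whose servicePack or version contains traversal characters or whose commcellName is not an allowlisted CommServe host.

```python
"""Detection over web-server access logs for requests shaped like the
deployWebpackage.do abuse described on this page. Example code written for
this page, not a vendor rule; the log lines below are constructed."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/commandcenter/deployWebpackage.do"
# Assumed: the CommServe hosts this Command Center may legitimately pull from.
ALLOWED_COMMCELLS = frozenset({"commcell01.corp.example"})

# Common log format (assumed layout): ip ident user [time] "METHOD target PROTO" status size
_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Any '..' or path separator is suspicious inside a version-style token.
_TRAVERSAL = re.compile(r"\.\.|[\\/]")


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (..%5C, %252e%252e, ...) until stable."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_request(target, allowed=ALLOWED_COMMCELLS):
    """Return the reasons this request target looks like exploitation ([] if none)."""
    parts = urlsplit(target)
    if parts.path.lower() != ENDPOINT.lower():
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {k: decode_fully(v[0]) for k, v in query.items()}
    reasons = []
    for name in ("servicePack", "version"):
        if _TRAVERSAL.search(params.get(name, "")):
            reasons.append(f"traversal in {name}")
    if params.get("commcellName", "").strip().lower() not in allowed:
        reasons.append("commcellName not allowlisted (SSRF target)")
    return reasons


def scan(lines, allowed=ALLOWED_COMMCELLS):
    """Scan access-log lines; return one finding per suspicious request."""
    findings = []
    for line in lines:
        m = _LOG.match(line)
        if not m:
            continue  # unparseable line: skip, a real pipeline would count these
        reasons = analyze_request(m["target"], allowed)
        if reasons:
            findings.append({"ip": m["ip"], "time": m["time"], "status": m["status"],
                             "target": m["target"], "reasons": reasons})
    return findings


# Constructed sample log (not real traffic). Line 2 carries a backslash
# traversal, line 3 the same idea double-encoded, line 1 is a benign call,
# line 4 is unrelated.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Apr/2025:10:15:01 +0000] "GET /commandcenter/deployWebpackage.do?commcellName=commcell01.corp.example&servicePack=SP40&version=11 HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/Apr/2025:10:17:44 +0000] "GET /commandcenter/deployWebpackage.do?commcellName=203.0.113.7&servicePack=..%5C..%5Cwebapps%5CROOT&version=x HTTP/1.1" 200 134',
    '203.0.113.7 - - [22/Apr/2025:10:17:45 +0000] "GET /commandcenter/deployWebpackage.do?commcellName=203.0.113.7&servicePack=%252e%252e%255cwebapps&version=x HTTP/1.1" 200 134',
    '198.51.100.9 - - [22/Apr/2025:10:20:00 +0000] "GET /commandcenter/login.do HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["time"], f["status"], "; ".join(f["reasons"]))
```

Two design points: the endpoint match ignores the HTTP method, since the access log alone does not tell you how the application routes the request; and a non-allowlisted commcellName is flagged on its own, because a successful SSRF to an attacker host precedes any file write and may be the only trace if the traversal payload was sent in a body the access log does not record. Pair this with a file-integrity check for new .jsp files under the web directories, which the access log cannot show.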

The Commvault CVE-2025-34028 story serves as a stark reminder: Even the tools meant to protect against disaster can become entry points if software security is not maintained vigilantly.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
