Saturday, May 3, 2025
HomeCVE/vulnerabilityCommvault Webserver Flaw Allows Attackers to Gain Full Control

Commvault Webserver Flaw Allows Attackers to Gain Full Control

Published on

SIEM as a Service

Follow Us on Google News

Commvault has revealed a major vulnerability in its software that could allow malicious actors to gain full control of its webservers.

The issue, identified as CV_2025_03_1, has been categorized as a high-severity flaw and impacts multiple versions of the Commvault platform running on both Linux and Windows.

The vulnerability in question allows attackers to create and execute webshells, providing them with unchecked access to the webserver.

- Advertisement - Google News

While the exact CVE (Common Vulnerabilities and Exposures) identifier is not specified, the nature of the exploit indicates a critical risk for data integrity and security.

Affected Products

The following table lists the affected Commvault products:

ProductAffected VersionsResolved Version
Commvault11.36.0 – 11.36.4511.36.46
Commvault11.32.0 – 11.32.8711.32.88
Commvault11.28.0 – 11.28.14011.28.141
Commvault11.20.0 – 11.20.21611.20.217

Resolution and Security Update

To address this high-risk vulnerability, Commvault has urged users to immediately install the latest maintenance releases on both CommServe and Web Servers.

Additional security enhancements were implemented as of March 7th, 2025, to maintain webserver module security further.

This proactive step is crucial to prevent potential breaches and ensure the security of critical data.

Organizations relying on Commvault for data management and backup must take immediate action to patch their systems.

Given the potential for attackers to gain full control via webserver compromise, it is essential to expedite the update process to mitigate the risk of data breaches and unauthorized access.

As cybersecurity threats continue to evolve, companies must prioritize timely updates and security audits to safeguard their systems and data.

Regular checks for software vulnerabilities, like the one revealed in Commvault, are indispensable for maintaining robust security postures.

The discovery and resolution of this critical vulnerability underscore the importance of proactive cybersecurity measures, particularly in sectors that rely heavily on cloud and data management solutions like Commvault.

Ensuring that all software is up-to-date and secure is a priority for organizations seeking to protect against increasingly sophisticated cyberattacks.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...