Cyber Security News

Commvault Webserver Flaw Allows Attackers to Gain Full Control

Commvault has revealed a major vulnerability in its software that could allow malicious actors to gain full control of its webservers.

The issue, identified as CV_2025_03_1, has been categorized as a high-severity flaw and impacts multiple versions of the Commvault platform running on both Linux and Windows.

The vulnerability in question allows attackers to create and execute webshells, providing them with unchecked access to the webserver.

While the exact CVE (Common Vulnerabilities and Exposures) identifier is not specified, the nature of the exploit indicates a critical risk for data integrity and security.

Affected Products

The following table lists the affected Commvault products:

ProductAffected VersionsResolved Version
Commvault11.36.0 – 11.36.4511.36.46
Commvault11.32.0 – 11.32.8711.32.88
Commvault11.28.0 – 11.28.14011.28.141
Commvault11.20.0 – 11.20.21611.20.217

Resolution and Security Update

To address this high-risk vulnerability, Commvault has urged users to immediately install the latest maintenance releases on both CommServe and Web Servers.

Additional security enhancements were implemented as of March 7th, 2025, to maintain webserver module security further.

This proactive step is crucial to prevent potential breaches and ensure the security of critical data.

Organizations relying on Commvault for data management and backup must take immediate action to patch their systems.

Given the potential for attackers to gain full control via webserver compromise, it is essential to expedite the update process to mitigate the risk of data breaches and unauthorized access.

As cybersecurity threats continue to evolve, companies must prioritize timely updates and security audits to safeguard their systems and data.

Regular checks for software vulnerabilities, like the one revealed in Commvault, are indispensable for maintaining robust security postures.

The discovery and resolution of this critical vulnerability underscore the importance of proactive cybersecurity measures, particularly in sectors that rely heavily on cloud and data management solutions like Commvault.

Ensuring that all software is up-to-date and secure is a priority for organizations seeking to protect against increasingly sophisticated cyberattacks.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Gujarat Teen Arrested for Orchestrating Over 50 Cyberattacks in ‘Operation Sindoor’

Gujarat Anti-Terrorism Squad (ATS) has apprehended two individuals, including a minor, for orchestrating a series…

11 minutes ago

Cisco Webex Meetings Vulnerability Enables HTTP Response Manipulation

Security researchers have uncovered a vulnerability in Cisco Webex Meetings that could allow remote attackers…

24 minutes ago

Microsoft Expert Reveals the Hidden Dangers of Bad Code on Your PC’s Performance

Microsoft support engineer has identified a subtle but significant memory leak in .NET applications that…

28 minutes ago

Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation

Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow authenticated…

57 minutes ago

New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities

Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure…

2 hours ago

Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication

Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security…

6 hours ago