Commvault Catastrophe: Another Security Flaw Hits the Fan!
A second Commvault flaw, CVE-2025-34028, has been added to CISA’s Known Exploited Vulnerabilities catalog. With a CVSS score of 10/10, this path traversal flaw allows remote code execution without authentication. It’s the cybersecurity equivalent of finding a bear in your fridge—unexpected, dangerous, and nobody wants to deal with it!

Hot Take:
**_Looks like Commvault Command Center has been caught with its pants down not once, but twice in a week! With a perfect 10/10 vulnerability, it’s like a hacker’s dream come true. If you thought your Command Center was as solid as Fort Knox, think again. Hackers are rolling up their sleeves, and CISA’s got the popcorn ready._**
Key Points:
– CVE-2025-34028 is a path traversal flaw with a 10/10 CVSS score, allowing remote code execution without authentication.
– The flaw affects Commvault Command Center versions 11.38.0 to 11.38.19 and is fixed in versions 11.38.20 and 11.38.25.
– CISA added it to the Known Exploited Vulnerabilities catalog, a listing reserved for flaws with evidence of active exploitation.
– Commvault recently faced another vulnerability, CVE-2025-3928, highlighting increased threat actor interest in the product.
– Federal agencies are urged to patch by May 23, 2025, per Binding Operational Directive 22-01.
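As an added example (not from the original post or from Commvault), a small Python triage helper that sorts an inventory of Command Center builds against the version range stated above; the host names and inventory are constructed, and the fixed builds assumed are only the two the post names.

```python
"""Triage Commvault Command Center builds against the CVE-2025-34028 range
stated in the post: affected 11.38.0 to 11.38.19, fixed in 11.38.20 and 11.38.25.
Added example, not Commvault's own tooling."""

# Constants taken from the post; branches other than 11.38 are not described there.
AFFECTED_MIN = (11, 38, 0)
AFFECTED_MAX = (11, 38, 19)
FIXED_MIN = (11, 38, 20)   # 11.38.20 and 11.38.25 are the fixed builds named


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '11.38.9' into (11, 38, 9) so comparison is numeric.
    A plain string compare ranks '11.38.9' above '11.38.19' and would
    misclassify an affected build as fixed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)


def triage(text: str) -> str:
    """Return 'affected', 'fixed' or 'outside-stated-range' for one build."""
    v = parse_version(text)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v[:2] == (11, 38) and v >= FIXED_MIN:
        return "fixed"
    # Off the 11.38 branch: not covered by the post, check the vendor advisory.
    return "outside-stated-range"


def triage_inventory(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by result; the 'affected' list is the patch queue."""
    groups: dict[str, list[str]] = {"affected": [], "fixed": [], "outside-stated-range": []}
    for host, version in inventory.items():
        groups[triage(version)].append(host)
    return groups


# Constructed sample inventory for illustration.
SAMPLE_INVENTORY = {
    "cc-prod-01": "11.38.9",
    "cc-prod-02": "11.38.19",
    "cc-dr-01": "11.38.20",
    "cc-lab-01": "11.36.4",
}

if __name__ == "__main__":
    for result, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{result}: {', '.join(hosts) or '-'}")
```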