SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2025-34028

CVE-2025-34028: Commvault Command Center RCE Vulnerability

CVE-2025-34028 is a remote code execution vulnerability in Commvault Command Center that allows unauthenticated attackers to upload malicious ZIP files and execute arbitrary code. This article covers technical details, affected versions, and patches.

Updated:

CVE-2025-34028 Overview

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP.

Critical Impact

This vulnerability permits the execution of arbitrary code, potentially leading to full server compromise.

Affected Products

  • Commvault Commvault
  • Linux Linux Kernel
  • Microsoft Windows

Discovery Timeline

  • Not Available - Vulnerability discovered by Not Available
  • Not Available - Responsible disclosure to commvault
  • Not Available - CVE CVE-2025-34028 assigned
  • Not Available - commvault releases security patch
  • 2025-04-22 - CVE CVE-2025-34028 published to NVD
  • 2025-11-06 - Last updated in NVD database

Technical Details for CVE-2025-34028

Vulnerability Analysis

The vulnerability exists due to the improper validation of ZIP file paths when uploaded as install packages. This allows path traversal attacks, which can lead to remote code execution by deploying malicious JSP files.

Root Cause

The root cause is an inadequate input validation mechanism for ZIP archives, specifically missing checks against path traversal within the compressed file paths.

Attack Vector

Network: Remote attackers can exploit this vulnerability over a network without authentication.

java
// Example exploitation code (sanitized)
import java.nio.file.*;
public class POC {
    public static void main(String[] args) {
        try {
            // Potentially dangerous -- extracts files to arbitrary locations
            Path targetDir = Paths.get("/expected/directory");
            Files.walk(targetDir)
                 .forEach(System.out::println);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

Detection Methods for CVE-2025-34028

Indicators of Compromise

  • Unusual file paths present in installation directories.
  • Unexpected JSP files created in web server directories.
  • Anomalous uploads recorded in server logs.

Detection Strategies

Monitor for unauthorized ZIP uploads and inspect extracted paths against known safe directories. Utilize IDS/IPS systems to flag abnormal file operations originated by the web server.

Monitoring Recommendations

Regularly analyze web server logs for suspicious file extraction activities and correlate this with unauthorized external access attempts.

How to Mitigate CVE-2025-34028

Immediate Actions Required

  • Apply security patch available from Commvault.
  • Restrict file upload permissions to trusted users only.
  • Implement strong validation on file uploads to prevent path traversal.

Patch Information

The vulnerability is fixed in versions 11.38.20 with SP38-CU20-433, SP38-CU20-436 and 11.38.25 with SP38-CU25-434, SP38-CU25-438.

Workarounds

Limit the extraction of ZIP files to a quarantine area where manual verification can ensure no path traversal occurs.

bash
# Configuration example
chmod -R 700 /secure/directory
find /web/admin/uploads/ -name '*.zip' -exec mv {} /secure/quarantine/ \;

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne