Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely


A critical flaw (CVE-2025-34028, CVSS 9.0) in Commvault Command Center (11.38.0–11.38.19) allows unauthenticated remote code execution via an SSRF in the deployWebpackage.do endpoint. Patched in 11.38.20 and 11.38.25, users should update immediately to avoid compromise.

Read More


thumb-image

Solutions