Critical Commvault Vulnerability CVE-2025-34028 Added to CISA KEV After Active Exploitation
TL;DR
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability (CVE-2025-34028) in Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog.
- This vulnerability, with a CVSS score of 10.0, is a path traversal bug affecting versions up to 11.38 Innovation Release and has been actively exploited.
Critical Commvault Vulnerability Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw affecting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog. This addition comes shortly after the vulnerability was publicly disclosed, highlighting the urgency and severity of the issue.
Vulnerability Details
The vulnerability, identified as CVE-2025-34028, has a CVSS score of 10.0, indicating maximum severity. It is a path traversal bug that affects Commvault Command Center versions up to 11.38 Innovation Release. This type of vulnerability allows attackers to manipulate file paths, potentially leading to unauthorized access to sensitive files and directories.
Impact and Mitigation
Given the critical nature of this vulnerability, organizations using affected versions of Commvault Command Center are urged to apply the necessary patches and updates immediately. Failure to do so could result in severe security breaches, including data theft and system compromise.
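As an added example (not code from the article, CISA or Commvault), the triage step above can be automated by matching a software inventory against the KEV feed and grading each hit by installed version. The inventory rows, the placeholder dates and the (11, 38) threshold, taken from the article's "up to 11.38" wording, are constructed assumptions; confirm the exact affected range in the vendor advisory.

```python
import json

# Constructed sample shaped like one record of CISA's KEV JSON feed. The CVE ID,
# vendor and product come from the article; the dates are placeholders.
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-34028", "vendorProject": "Commvault",
     "product": "Command Center", "dateAdded": "YYYY-MM-DD", "dueDate": "YYYY-MM-DD"},
]})

# Constructed inventory rows: (host, vendor, product, installed version).
SAMPLE_INVENTORY = [
    ("backup-01", "Commvault", "Command Center", "11.38.5"),
    ("backup-02", "commvault", "command center", "11.40.1"),
    ("backup-03", "Commvault", "Command Center", "unknown"),
    ("web-01", "OtherVendor", "Other Product", "2.1"),
]

# Assumption: highest (major, minor) treated as in range, from the article's wording.
THRESHOLDS = {"CVE-2025-34028": (11, 38)}


def parse_version(text):
    """Return (major, minor) as ints, or None when the string is not numeric."""
    parts = text.strip().split(".")
    try:
        return int(parts[0]), int(parts[1])
    except (ValueError, IndexError):
        return None


def kev_findings(kev_json, inventory, thresholds):
    """Match inventory rows to KEV records by vendor/product, then grade by version."""
    index = {}
    for vuln in json.loads(kev_json)["vulnerabilities"]:
        key = (vuln["vendorProject"].casefold(), vuln["product"].casefold())
        index.setdefault(key, []).append(vuln["cveID"])
    findings = []
    for host, vendor, product, version in inventory:
        installed = parse_version(version)
        for cve in index.get((vendor.casefold(), product.casefold()), []):
            limit = thresholds.get(cve)
            if limit is None or installed is None:
                status = "review"  # fail safe: range unknown or version unreadable
            elif installed <= limit:
                status = "in-range"
            else:
                status = "above-range"
            findings.append((host, cve, version, status))
    return findings
```

Calling `kev_findings(SAMPLE_KEV, SAMPLE_INVENTORY, THRESHOLDS)` returns one tuple per matched host; hosts graded "review" need a manual version check rather than being silently dropped.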
Conclusion
The addition of CVE-2025-34028 to CISA’s KEV catalog underscores the importance of prompt vulnerability management. Organizations must stay vigilant and proactive in applying security updates to protect against active exploitation attempts.