Outbreak Alert

Commvault Command Center Path Traversal Vulnerability

Released: Apr 30, 2025

Updated: May 01, 2025

Commvault CC Path Traversal Vulnerability Tags

Medium Severity

A path traversal vulnerability affecting Healthcare, Financial and Manufacturing

FortiGuard Labs has detected persistent attempts to exploit the Commvault Command Center path traversal vulnerability, identified as CVE-2025-34028. If attacks succeed, they could achieve full system compromise. FortiGuard telemetry shows exploitation attempts in the United States, Brazil, Turkey, the United Kingdom and Italy. Learn More »

Common Vulnerabilities and Exposures

Background

Commvault serves a diverse range of industries, including Healthcare, Financial Services, Manufacturing, and more. for securing data management and compliance, protecting financial data and efficiently backing up data.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

Affected web servers hosting the Commvault Command Center should implement the recommended mitigations outlined in the vendor's advisory.

April 28, 2025: CISA released their weekly Vulnerability Summary including the Commvault Vulnerability
https://www.cisa.gov/news-events/bulletins/sb25-118
April 24, 2025: FortiGuard Labs released a Threat Signal
https://www.fortiguard.com/threat-signal-report/6081/commvault-command-center-path-traversal-vulnerability-cve-2025-34028
May 02, 2025: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

DETECT

IOC
Outbreak Detection
Threat Hunting

RESPOND

Automated Response
Assisted Response Services

RECOVER

NOC/SOC Training
End-User Training

IDENTIFY

Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

References

Sources of information in support and relation to this Outbreak and vendor.

Commvault Advisory

Learn More »

Hacker News

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Outbreak Alert

Commvault Command Center Path Traversal Vulnerability

A path traversal vulnerability affecting Healthcare, Financial and Manufacturing

Common Vulnerabilities and Exposures

Background

Real-Time Threat Map

Latest Development

FortiGuard Cybersecurity Framework

Threat Intelligence

References

Commvault Advisory

Hacker News

About FortiGuard Outbreak Alerts

Threat Intelligence
Center