Commvault Command Center Path Traversal Vulnerability

What is the Vulnerability?

A critical path traversal vulnerability has been identified in Commvault's Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 10.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When these files are expanded by the server, they can lead to arbitrary code execution, potentially resulting in a complete system compromise.

Commvault serves a diverse range of industries, including Healthcare, Financial Services, Manufacturing, and more. for securing data management and compliance, protecting financial data and efficiently backing up data.

What is the recommended Mitigation?

Commvault has addressed this vulnerability in the following patched versions:​ 11.38 and 11.38.25. FortiGuard Labs strongly recommends that organizations prioritize applying the latest security updates.

Also, organizations can restrict access to the Command Center interface to trusted networks to reduce the attack surface.

What FortiGuard Coverage is available?

• Intrusion Prevention System (IPS): A signature is developed to detect and block exploit attempts targeting CVE-2025-34028.​ Intrusion Prevention | FortiGuard Labs

• Antimalware and Sandbox Service: Delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats.

• The FortiGuard Incident Response team is available to assist with any suspected compromise.

• View the Outbreak alert for more details and solutions available: Commvault Command Center Path Traversal Vulnerability | Outbreak Alert