Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Commvault Command Center
Alerts

Critical Vulnerability in Commvault Command Center

25 April 2025

Commvault has released security updates addressing a critical vulnerability affecting their Command Center installation. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Commvault has released security updates addressing a critical vulnerability (CVE-2025-34028) affecting their Command Center installation. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10 and a proof-of-concept exploit is publicly available.

Successful exploitation of the path traversal vulnerability could allow an unauthenticated attacker to achieve remote code execution. 

The vulnerability affects 11.38.19 and earlier versions of Innovation Release on Linux and Windows platforms.

Users and administrators of affected product versions are advised to update to the latest versions immediately.If installing the update is not feasible, security teams are advised to isolate the Command Center installation from external network access.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2025-34028

https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html

https://www.helpnetsecurity.com/2025/04/24/critical-commvault-rce-vulnerability-fixed-poc-available-cve-2025-34028/

Back to top