What is the Vulnerability?
A critical path traversal vulnerability has been identified in Commvault's Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 9.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When the server expands these files, they can lead to arbitrary code execution, potentially resulting in a complete system compromise. Commvault serves a diverse range of industries, including healthcare, financial services, manufacturing, and more, for securing data management and compliance, protecting financial data, and efficiently backing up data.

What is the recommended Mitigation?
Commvault has addressed this vulnerability in the following patched versions: 11.38 and 11.38.25. FortiGuard Labs strongly recommends that organizations prioritize applying the latest security updates. Organizations can also restrict access to the Command Center interface to trusted networks to reduce the attack surface.

What FortiGuard Coverage is available?
• Intrusion Prevention System (IPS): A signature is being developed to detect and block exploit attempts targeting CVE-2025-34028.
• Anti-Malware using Antivirus and Sandbox: Signatures for known malware and behavioral detection for unknown malware are available and can protect against delivery of malware.
• The FortiGuard Incident Response team is available to assist with any suspected compromise.
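As an added example (not code from the advisory or from Commvault), the Python below shows the check a server-side ZIP expander needs in order to reject entries that would land outside the extraction directory, the entry shape this class of path traversal bug depends on. The archive contents and destination paths are constructed for the demo.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def build_sample_archive() -> bytes:
    """Constructed sample ZIP: one benign entry plus two entries that try to
    escape the extraction directory (relative '..' and an absolute path)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/summary.txt", "benign content\n")
        zf.writestr("../../outside.txt", "would be written above dest_dir\n")
        zf.writestr("/etc/absolute.txt", "absolute entry name\n")
    return buf.getvalue()


def find_unsafe_entries(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Return entry names whose resolved target is not inside dest_dir.
    Resolving the joined path (rather than string-matching '..') also
    catches absolute names and mixed separators."""
    dest = Path(dest_dir).resolve()
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            target = (dest / name.replace("\\", "/")).resolve()
            if target != dest and dest not in target.parents:
                unsafe.append(name)
    return unsafe


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract only entries that resolve inside dest_dir; return names written."""
    unsafe = set(find_unsafe_entries(zip_bytes, dest_dir))
    dest = Path(dest_dir).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename in unsafe or info.is_dir():
                continue  # skip traversal entries instead of aborting silently later
            target = (dest / info.filename.replace("\\", "/")).resolve()
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written


def demo() -> tuple[list[str], list[str]]:
    """Run the check against the constructed archive in a scratch directory."""
    data = build_sample_archive()
    with tempfile.TemporaryDirectory() as tmp:
        return sorted(find_unsafe_entries(data, tmp)), safe_extract(data, tmp)
```

A production expander should additionally log the rejected entry names with the uploader's identity, since a rejected traversal entry is itself a useful detection signal.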
Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)