Commvault Critical Vulnerability - 20250424001¶
Overview¶
A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication. This vulnerability could lead to a complete compromise of the Command Center environment.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Commvault | 11.38.0 - 11.38.19 | CVE-2025-34028 | 10.0 | Critical |
What has been observed?¶
The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected products within expected timeframes (refer Patch Management):
- Commvault Security advisory: https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html