Commvault | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions 11.38.0 through 11.38.19. It has been addressed in versions 11.38.20 and 11.38.25. "Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code," CISA said . The flaw essentially permits an attacker to upload ZIP files that, when decompressed on the target server, could result in remote code execution. Cybersecurity company watchTowr Labs, which was credited with discovering and reporting the bug, said the problem resides in an endpoint called "deployWebpackage.do" that triggers a pre-authenticat...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw affecting Broadcom Brocade Fabric OS that allows a local user with administrative privileges to execute arbitrary code with full root privileges CVE-2025-3928 (CVSS score: 8.7) - An unspecified flaw in the Commvault Web Server that allows a remote, authenticated attacker to create and execute web shells "Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment," Commvault said in an advisory released in February 2025. "Unauthenticated access is not exploitable. For software customers, this means your ...

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication," Commvault said in an advisory published on April 17, 2025. "This vulnerability could lead to a complete compromise of the Command Center environment." It impacts the 11.38 Innovation Release, from versions 11.38.0 through 11.38.19, and has been resolved in the following versions - 11.38.20 11.38.25 watchTowr Labs researcher Sonny Macdonald, who has been credited with discovering and reporting the flaw on April 7, 2025, said in a report shared with The Hacker News that it could be exploited to achieve pre-authenticated remote code execution. Specif...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...