On April 24, 2025, watchTowr published technical details and a proof-of-concept (PoC) exploit for CVE-2025-34028, a critical vulnerability in Commvault Command Center that had been disclosed earlier in April. Commvault Command Center is the web-based interface used to manage data protection, backup, and recovery operations across enterprise environments.
CVE-2025-34028 allows an unauthenticated remote threat actor to achieve remote code execution (RCE) on affected instances. The flaw lies in the deployWebpackage.do endpoint: insufficient host filtering turns it into a pre-authentication Server-Side Request Forgery (SSRF), which can be escalated to code execution by having the server fetch a malicious ZIP archive containing a .JSP file.
Arctic Wolf has not observed exploitation of CVE-2025-34028 at this time. Threat actors, particularly ransomware groups, have previously targeted similar data protection products because of their critical role in backup and recovery. Given the level of access this vulnerability grants and its low barrier to entry (no authentication required), threat actors are likely to target it in the near future, especially now that a PoC is publicly available.
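Because the endpoint is reachable before authentication, the most useful telemetry while patching is the Command Center web access log. The script below is an added example written for this advisory, not code from Arctic Wolf, watchTowr, or Commvault. It assumes a combined-format access log and the path prefix /commandcenter/ (both assumptions; adjust to your deployment), and the log lines are constructed. It flags every request to deployWebpackage.do, raises the severity when the client is outside your management networks, and escalates to critical when the same client then requests a .jsp resource, which is the pattern the SSRF-to-ZIP-to-JSP chain described above would leave behind.

```python
import ipaddress
import re
from dataclasses import dataclass

# Combined/common log format (assumed; the Command Center access log format
# in your environment may differ, so adjust the regex accordingly).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Endpoint named in the advisory. The /commandcenter/ prefix in the sample
# lines is an assumption about the deployment layout.
TARGET_ENDPOINT = "deploywebpackage.do"

# Constructed sample log lines (not from any real incident). The .jsp path
# is a made-up illustration of a dropped web shell being requested.
SAMPLE_LOG = """\
10.20.0.15 - admin [25/Apr/2025:09:12:01 +0000] "GET /commandcenter/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.44 - - [25/Apr/2025:09:12:09 +0000] "POST /commandcenter/deployWebpackage.do HTTP/1.1" 200 0 "-" "python-requests/2.31"
203.0.113.44 - - [25/Apr/2025:09:12:11 +0000] "GET /commandcenter/webshell.jsp HTTP/1.1" 200 312 "-" "python-requests/2.31"
10.20.0.15 - admin [25/Apr/2025:09:13:40 +0000] "POST /commandcenter/deployWebpackage.do HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Apr/2025:09:14:02 +0000] "GET /commandcenter/deployWebpackage.do?x=1 HTTP/1.1" 500 0 "-" "curl/8.4"
"""


@dataclass
class Finding:
    severity: str
    src_ip: str
    reason: str
    line: str


def parse_line(line):
    """Parse one access-log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def analyze(log_text, management_nets):
    """Return Findings for deployWebpackage.do hits and follow-on .jsp requests."""
    nets = [ipaddress.ip_network(n) for n in management_nets]
    findings = []
    hit_endpoint = set()  # clients that have already touched the endpoint
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ip = ipaddress.ip_address(rec["ip"])
        from_mgmt = any(ip in n for n in nets)
        path = rec["path"].lower()
        if path.endswith(TARGET_ENDPOINT):
            hit_endpoint.add(rec["ip"])
            if from_mgmt:
                findings.append(Finding("MEDIUM", rec["ip"],
                    "deployWebpackage.do hit from a management network; confirm it was a legitimate deployment", raw))
            else:
                findings.append(Finding("HIGH", rec["ip"],
                    "deployWebpackage.do hit from outside management networks (pre-auth endpoint)", raw))
        elif path.endswith(".jsp") and rec["ip"] in hit_endpoint:
            findings.append(Finding("CRITICAL", rec["ip"],
                "request for a .jsp resource after hitting deployWebpackage.do; possible web shell", raw))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(f"{f.severity:8} {f.src_ip:15} {f.reason}")
```

Run it against the real log with your own management subnets in place of 10.0.0.0/8. Any HIGH or CRITICAL result is worth an incident ticket regardless of patch status, since a successful exploit before the upgrade leaves the dropped .JSP in place.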
Recommendations for CVE-2025-34028
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| Commvault (Linux, Windows) | 11.38.0 – 11.38.19 | 11.38.20 |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
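To turn the table above into a fleet-wide check, the script below is an added example (not Arctic Wolf or Commvault code) that classifies each Command Center instance by version. The inventory is constructed. Note the third outcome: a version outside the 11.38 branch is reported as not covered by this advisory rather than as safe, because the page only lists the 11.38 range.

```python
import re

# Affected range and fixed build from the advisory table (11.38 branch).
AFFECTED_MIN = (11, 38, 0)
AFFECTED_MAX = (11, 38, 19)
FIXED = (11, 38, 20)

# Constructed inventory of hostnames and reported versions (example data).
INVENTORY = {
    "cc-prod-01": "11.38.19",
    "cc-prod-02": "11.38.20",
    "cc-dr-01": "11.38.4.55",   # extra build component is ignored
    "cc-lab-01": "11.36.45",    # different feature release; not in the listed range
}


def parse_version(text):
    """Return (major, feature_release, maintenance) from '11.38.19',
    '11.38.19.55' or '11.38'; a missing maintenance number counts as 0."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, feature, maint = m.groups()
    return (int(major), int(feature), int(maint or 0))


def classify(version_text):
    """Map a version string to VULNERABLE, FIXED or OUTSIDE_LISTED_RANGE."""
    v = parse_version(version_text)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "VULNERABLE"
    if v[:2] == FIXED[:2] and v >= FIXED:
        return "FIXED"
    # Not in the advisory's table: do not assume safe; check vendor guidance.
    return "OUTSIDE_LISTED_RANGE"


def triage(inventory):
    """Classify every host in a {hostname: version} mapping."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:12} {status}")
```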
Remove Publicly-Exposed Instances of Commvault Command Center from the Public Internet
Commvault Command Center is an internal management service and should not be reachable from the public internet. Confirm that the service is not exposed to the internet, where it would be open to exploitation of CVE-2025-34028 and of any future vulnerabilities in the product, and restrict access to trusted management networks.
Note: Exact firewall configuration instructions will vary depending on the hardware used. Please refer to your firewall’s documentation as required.