FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 393148
Description

FortiGuard Labs has observed exploitation attempts of CVE-2025-34028 in Commvault Command Center.

Commvault is data protection and data management software. Commvault Command Center is the web-based interface for managing Commvault.

CVE-2025-34028 is a path traversal vulnerability in Commvault Command Center that allows an unauthenticated attacker to execute code.

The following versions of Commvault Command Center are vulnerable to CVE-2025-34028:

  • 11.38.0 ≤ Version < 11.38.20

CVE ID    

CVE-2025-34028 (https://nvd.nist.gov/vuln/detail/CVE-2025-34028)

NDR Cloud Detection Rule

FortiNDR Cloud v25.2b+

Detection Rule Name: FortiGuard Outbreak Alert: Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)
Category: Attack:Exploitation
Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook: N/A

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Commvault Command Center Path Traversal Vulnerability” related activities.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=commvault%20cc%20path%20traversal

All IOCs listed above have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigations and detections using the following Suricata signatures:

  • 2061837 -> ET WEB_SPECIFIC_APPS Commvault Pre-Auth SSRF/RCE via deployWebpackage.do (CVE-2025-34028)
  • 2061838 -> ET WEB_SPECIFIC_APPS Commvault Pre-Auth RCE via deployServiceCommcell.do (CVE-2025-34028)
  • 2061839 -> ET MALWARE Commvault Pre-Auth RCE (CVE-2025-34028) Post-Exploitation Activity (jsp webshell)
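
The following is an added example, not part of the original article or of any Fortinet product: a Python triage of Suricata EVE JSON alerts for the three signature IDs above, grouped by targeted server so that hosts with webshell-stage alerts surface first. The function name `triage`, the stage labels, the sample log lines and the treatment of `dest_ip` as the Commvault server are assumptions of this example.

```python
import json
from collections import defaultdict

# SIDs from the Suricata coverage list above; the stage labels are this example's own.
SIDS = {2061837: "exploit-attempt",     # deployWebpackage.do
        2061838: "exploit-attempt",     # deployServiceCommcell.do
        2061839: "post-exploitation"}   # jsp webshell activity

# Constructed EVE JSON lines (documentation IP ranges), not real telemetry.
SAMPLE_EVE = [
    '{"timestamp":"2025-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2061837}}',
    '{"timestamp":"2025-05-01T10:00:09.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2061839}}',
    '{"timestamp":"2025-05-01T10:02:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.20","alert":{"signature_id":2061838}}',
    '{"timestamp":"2025-05-01T10:03:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.30","alert":{"signature_id":9999999}}',
    '{"timestamp":"2025-05-01T10:04:00.000000+0000","event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.0.2.10"}',
    '{"timestamp":"2025-05-01T10:05',  # truncated line, as seen at log rotation
]

def triage(eve_lines):
    """Group CVE-2025-34028 alerts by targeted server, worst stage first."""
    hosts = defaultdict(lambda: {"sids": set(), "sources": set(), "first_seen": None})
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        sid = (event.get("alert") or {}).get("signature_id")
        if sid not in SIDS:
            continue
        # Assumption: the alert's dest_ip is the Commvault server being targeted.
        host = hosts[event.get("dest_ip", "unknown")]
        host["sids"].add(sid)
        host["sources"].add(event.get("src_ip", "unknown"))
        ts = event.get("timestamp")
        # Assumption: timestamps share one format and offset, so string order is time order.
        if ts and (host["first_seen"] is None or ts < host["first_seen"]):
            host["first_seen"] = ts
    report = []
    for server, h in hosts.items():
        stages = {SIDS[s] for s in h["sids"]}
        stage = "post-exploitation" if "post-exploitation" in stages else "exploit-attempt"
        report.append({"server": server, "stage": stage, "sids": sorted(h["sids"]),
                       "sources": sorted(h["sources"]), "first_seen": h["first_seen"]})
    # Servers with webshell-stage alerts sort ahead of attempt-only servers.
    return sorted(report, key=lambda r: (r["stage"] != "post-exploitation", r["server"]))

if __name__ == "__main__":
    for row in triage(SAMPLE_EVE):
        print(row)
```

A server that appears only at the exploit-attempt stage should still be checked against the affected version range listed in the Description.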

Other Fortinet Products

For details on mitigating the vulnerability with Fortinet products, refer to:
https://www.fortiguard.com/outbreak-alert/commvault-cc-path-traversal