A critical vulnerability in the Commvault Command Center Innovation Release, tracked as CVE-2025-34028, has been actively exploited in the wild, prompting urgent action from security teams. The flaw, which carries a maximum CVSS score of 10, allows unauthenticated attackers to execute remote code by exploiting a path traversal vulnerability. This vulnerability arises when malicious actors upload specially crafted ZIP files that, once expanded by the target server, can execute arbitrary JSP code.
The vulnerability was disclosed on April 22, 2025, and was quickly added to CISA's Known Exploited Vulnerabilities (KEV) catalog on May 2, 2025, underscoring its critical nature. The Exploit Prediction Scoring System (EPSS) rates the likelihood of exploitation at 0.626, indicating a significant risk of attack. The vulnerability was exploited in the wild within just over nine days of its disclosure, highlighting the speed at which threat actors have moved to leverage this flaw.
Security researchers have identified at least four proof-of-concept (PoC) exploits circulating, which further increases the risk of widespread exploitation. The vulnerability stems from improper handling of ZIP file uploads, which can be manipulated to traverse directories and execute code on the server. This type of vulnerability, classified under CWE-22 and CWE-306, is particularly dangerous as it allows attackers to bypass authentication mechanisms and gain unauthorized access to sensitive systems.
Organizations using the Commvault Command Center are urged to apply the available patches immediately to mitigate the risk of exploitation. The vulnerability's inclusion in the KEV list means federal agencies are under a mandate to address this issue promptly, though all organizations should prioritize patching given the critical nature of the flaw.
Defenders should also monitor for indicators of compromise and review server logs for any suspicious ZIP file uploads or unauthorized JSP executions. Implementing additional security measures, such as network segmentation and enhanced monitoring, can help reduce the risk of exploitation and detect potential attacks early.
As attackers continue to exploit this vulnerability, it is crucial for organizations to remain vigilant and proactive in their security efforts. The rapid exploitation timeline and the availability of PoC exploits make CVE-2025-34028 a significant threat that requires immediate attention from security teams worldwide.
CSURFACE