Commvault Command Center upload path traversal

Added: 05/16/2025

Background

Commvault is a unified backup and recovery solution for cloud-ready organizations. It provides backup and recovery protection for business data wherever it resides.

Problem

A path traversal vulnerability in the upload handling allows unauthenticated users to write arbitrary files outside the intended upload directory; an uploaded file can then be executed by requesting it with an HTTP GET request.

Resolution

Upgrade to Commvault version 11.38.20 or higher, or apply the update referenced in advisory CV_2025_04_1.

References

https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html
https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/

Limitations

If successful, this exploit uploads a file into a randomly named directory under the /reports/MetricsUpload directory; that directory and file should be removed manually afterwards.