Known Exploited Vulnerabilities CVE-2025-34028

Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-34028 | Commvault Command Center Path Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |
| CVE-2025-34028 | Commvault Command Center Path Traversal Vulnerability | primary_impact | T1059.007 | JavaScript | |

Comments (exploitation_technique, T1190)
An issue in deployWebpackage.do leaves Commvault Command Center vulnerable to SSRF attacks because of flawed host filtering, which an attacker can exploit to achieve remote code execution using malicious archives with .jsp files in them.

Comments (primary_impact, T1059.007)
An issue in deployWebpackage.do leaves Commvault Command Center vulnerable to SSRF attacks because of flawed host filtering, which an attacker can exploit to achieve remote code execution using malicious archives with JavaScript files in them.