Commvault Command Center has a major security flaw (CVE-2025-34028), discovered by watchTowr Labs, that enables pre-authenticated remote code execution via SSRF. With a CVSS score of 9.0, this vulnerability could lead to total compromise of the Command Center environment. Security experts emphasize the urgent need for rigorous API security measures to prevent exploitation of vulnerable endpoints, which can expose sensitive data or disrupt data recovery processes.
The Commvault vulnerability underscores a significant risk: attackers can exploit weak API endpoints to gain extensive access to sensitive systems.
A vulnerability like this could lead to an immediate compromise of the host running the Command Center software.