Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

CISA adds Citrix Netscaler CVE-2025-5777 to KEV catalog as an active exploit target enterprise

Grok 4 appears to be consulting with Elon Musk to answer controversial questions

AWS will launch AI Agent Marketplace next week with humanity as partners

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » Commvault CVE-2025-34028 Added to CISA Kev after aggressive exploitation was confirmed
Identity

Commvault CVE-2025-34028 Added to CISA Kev after aggressive exploitation was confirmed

userBy userMay 5, 2025No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

May 5, 2025Ravi LakshmananVulnerability/Zero Day

Over a week after it was published, the US Cybersecurity and Infrastructure Security Agency (CISA) added the maximum security flaws affecting the Commvault Command Center to its known Exploited Vulnerabilities (KEV) catalog.

The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0). This is a past traversal bug affecting versions 11.38.0 to 11.38.19 to 11.38.19. It is described in versions 11.38.20 and 11.38.25.

“Commvault Command Center contains a past traversal vulnerability that allows remote, unauthorized attackers to execute arbitrary code,” the CISA said.

Cybersecurity

This flaw allows an attacker to upload a ZIP file. This can cause remote code execution when decompressed on the target server.

WatchTowr Labs, a cybersecurity company that was recognized to have discovered and reported the bug, said the issue resides on an endpoint called “DeployWebPackage.do.”

Currently, it is unknown in what context the vulnerability is being exploited, but development has the flaws of the second Commvault in the actual attack after CVE-2025-3928 (CVSS score: 8.7).

The company revealed last week that its exploitative activities had impacted a small number of customers, but noted that there was no unauthorized access to customer backup data.

In light of the active exploitation of CVE-2025-34028, the necessary patches must be applied by May 23, 2025 to ensure the network.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleA new startup called Bono aims to modernize the way people donate to charities
Next Article The founder of Rourke was almost broken when the virus tweet led to $2.8 million and A16z
user
  • Website

Related Posts

CISA adds Citrix Netscaler CVE-2025-5777 to KEV catalog as an active exploit target enterprise

July 11, 2025

A critical MCP-Remote vulnerability allows remote code execution, affecting over 437,000 downloads

July 10, 2025

ICEX Forum 2025 Opens: FySelf’s TwinH Showcases AI Innovation

July 10, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

CISA adds Citrix Netscaler CVE-2025-5777 to KEV catalog as an active exploit target enterprise

Grok 4 appears to be consulting with Elon Musk to answer controversial questions

AWS will launch AI Agent Marketplace next week with humanity as partners

In Varda Space, major players in Silicon Valley make big bets on making drugs in space

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

ICEX Forum 2025 Opens: FySelf’s TwinH Showcases AI Innovation

The Future of Process Automation is Here: Meet TwinH

Robots Play Football in Beijing: A Glimpse into China’s Ambitious AI Future

TwinH: A New Frontier in the Pursuit of Immortality?

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.