A essential safety flaw has been disclosed within the Commvault Command Heart that would permit arbitrary code execution on affected installations.
The vulnerability, tracked as CVE-2025-34028, carries a CVSS rating of 9.0 out of a most of 10.0.
“A essential safety vulnerability has been recognized within the Command Heart set up, permitting distant attackers to execute arbitrary code with out authentication,” Commvault said in an advisory revealed on April 17, 2025. “This vulnerability could lead on to an entire compromise of the Command Heart setting.”
It impacts the 11.38 Innovation Launch, from variations 11.38.0 by 11.38.19, and has been resolved within the following variations –
watchTowr Labs researcher Sonny Macdonald, who has been credited with discovering and reporting the flaw on April 7, 2025, said in a report shared with The Hacker Information that it could possibly be exploited to realize pre-authenticated distant code execution.
Particularly, the difficulty is rooted in an endpoint referred to as “deployWebpackage.do,” triggering what’s referred to as a pre-authenticated Server-Facet Request Forgery (SSRF) owing to the truth that there may be “no filtering as to what hosts could be communicated with.”
To make issues worse, the SSRF flaw might then be escalated to realize code execution by making use of a ZIP archive file containing a malicious .JSP file. All the sequence of occasions is as follows –
- Ship an HTTP request to /commandcenter/deployWebpackage.do, inflicting the Commvault occasion to retrieve a ZIP file from an exterior server
- Contents of the ZIP file get unzipped right into a .tmp listing underneath the attacker’s management
- Use the servicePack parameter to traverse the .tmp listing right into a pre-authenticated going through listing on the server, reminiscent of ../../Reviews/MetricsUpload/shell
- Execute the SSRF by way of /commandcenter/deployWebpackage.do
- Execute the shell from /experiences/MetricsUpload/shell/.tmp/dist-cc/dist-cc/shell.jsp
watchTowr has additionally created a Detection Artefact Generator that organizations can use to find out if their occasion is susceptible to the vulnerability.
With vulnerabilities in backup and replication software program like Veeam and NAKIVO coming underneath lively exploitation within the wild, it is important that customers apply obligatory mitigations to safeguard in opposition to potential threats.
Source link