Cybersecurity Alert: US Agency Warns of Active Exploitation of Commvault Vulnerability

By Netvora Tech News

---

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a critical vulnerability in Commvault's backup software. The vulnerability, identified as CVE-2025-34028, allows attackers to remotely take control of vulnerable servers by downloading a malicious zip file.

Commvault's Command Center Innovation provides a web interface for managing backups, restores, and data in a centralized environment. Researchers at security firm WatchTowr discovered that vulnerable servers can be compromised by a specially crafted HTTP request, which downloads a zip file containing malicious JSP files from the attacker's server. The contents of the zip file are then unpacked into a .tmp directory, giving the attacker control over the system.

The impact of the vulnerability is rated 10.0 out of 10, making it a high-priority issue. Commvault was notified on April 7 and released a security update on April 10. WatchTowr publicly disclosed details of the vulnerability on April 24. Shortly after, CISA detected active exploitation of the vulnerability and issued a warning on May 2.

CISA also warned of active exploitation of a vulnerability in Commvault's web server in late April, but did not provide information on the observed attacks. Commvault's prompt response to the vulnerability is commendable, and users are advised to apply the security update as soon as possible to minimize the risk of exploitation.

• CVE-2025-34028: Critical vulnerability in Commvault's backup software
• Active exploitation detected by CISA
• Commvault released security update on April 10
• WatchTowr publicly disclosed details of the vulnerability on April 24

Cybersecurity agencies and organizations are urged to take immediate action to protect their systems and networks from this critical vulnerability.