Main Vulnerability Database Exploits ID:11388 - Exploit for Path traversal in Commvault - CVE-2025-34028

ID:11388 - Exploit for Path traversal in Commvault - CVE-2025-34028

Published: May 9, 2025

Vulnerability identifier: #VU108659

Vulnerability risk: High

CVE-ID: CVE-2025-34028

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Commvault

Link to public exploit:

https://github.com/Mattb709/CVE-2025-34028-PoC-Commvault-RCE

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when parsing directory traversal characters in .zip files. A remote non-authenticated attacker can upload a specially crafted .zip file that, when expanded, can overwrite arbitrary files on the system, leading to remote code execution.

Remediation

Install updates from vendor's website.

ID:11388 - Exploit for Path traversal in Commvault - CVE-2025-34028

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human