
Overview
On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory regarding active cyber threats targeting its Metallic software-as-a-service (SaaS) application. The advisory highlighted the exploitation of two critical vulnerabilities: CVE-2025-34028 and CVE-2025-3928. These vulnerabilities have significant implications for cloud security and data protection.
Background on Commvault and Metallic
Commvault is renowned for its comprehensive data management solutions, offering services such as data backup, recovery, and cloud data management. Metallic, Commvault's SaaS platform, provides cloud-based data protection services, catering to enterprises seeking scalable and secure data management solutions.
Details of the Vulnerabilities
CVE-2025-34028
- Description: A path traversal vulnerability in Commvault Command Center's Innovation Release allows unauthenticated attackers to upload ZIP files. When these files are expanded by the target server, they can lead to remote code execution (RCE).
- Affected Versions: 11.38.0 to 11.38.19.
- Resolved Versions: 11.38.20 and 11.38.25.
- Severity: Critical, with a CVSS score of 10.0.
- Mitigation: Users are advised to upgrade to the resolved versions and apply additional updates as specified by Commvault. If updating is not feasible, isolating the Command Center installation from external network access is recommended.
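The flaw class described above is an archive whose member names escape the extraction directory when the server expands it. The following is an added example written for this write-up, not Commvault code: a hardened extraction routine that validates every member name (absolute paths, drive prefixes, `..` components, symlink entries, and a final resolved-path containment check) before writing anything, so that a single hostile entry rejects the whole upload. The function names, the `UnsafeArchiveEntry` error type, and the constructed archives in `demo()` are assumptions made here.

```python
"""Hardened ZIP extraction that refuses path-traversal ("Zip Slip") entries.

Added example for this write-up, not Commvault code: the function names,
the error type and the constructed archives are assumptions made here.
"""
import io
import stat
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would land outside the destination."""


def safe_member_path(dest: Path, member_name: str) -> Path:
    """Resolve a member name under dest, rejecting anything that escapes it.

    Rejections: empty names, absolute paths, drive-qualified names,
    any '..' component, and any resolved target not contained in dest.
    """
    name = member_name.replace("\\", "/")
    pure = PurePosixPath(name)
    if not name or pure.is_absolute() or ":" in pure.parts[0]:
        raise UnsafeArchiveEntry(f"absolute or drive-qualified member: {member_name!r}")
    if ".." in pure.parts:
        raise UnsafeArchiveEntry(f"parent-directory traversal in member: {member_name!r}")
    dest_resolved = dest.resolve()
    target = (dest_resolved / name).resolve()
    # Final containment check: target must be dest itself or strictly below it.
    if dest_resolved != target and dest_resolved not in target.parents:
        raise UnsafeArchiveEntry(f"member escapes destination: {member_name!r}")
    return target


def safe_extract(zip_bytes: bytes, dest: Path) -> list[str]:
    """Extract an in-memory ZIP into dest, validating all members first.

    Validation covers the whole archive before any byte is written, so a
    malicious entry causes the upload to be rejected rather than partially
    extracted. Symlink members are refused too: a symlink written early can
    redirect later members outside dest. Members are written via zf.open()
    rather than ZipFile.extract() so this code, not the library, owns the check.
    """
    written: list[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = []
        for info in zf.infolist():
            target = safe_member_path(dest, info.filename)
            unix_mode = (info.external_attr >> 16) & 0xFFFF
            if stat.S_ISLNK(unix_mode):
                raise UnsafeArchiveEntry(f"symlink member not allowed: {info.filename!r}")
            planned.append((info, target))
        dest.mkdir(parents=True, exist_ok=True)
        for info, target in planned:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest.resolve()).as_posix())
    return written


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Construct a ZIP in memory from {member_name: content} (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)  # name is stored verbatim, including '..'
    return buf.getvalue()


def demo() -> dict[str, object]:
    """Run a benign archive and a constructed traversal archive; report outcomes."""
    benign = build_zip({"report/summary.txt": b"ok"})
    hostile = build_zip({"../outside.txt": b"escaped"})  # constructed Zip Slip member
    out: dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        out["benign"] = safe_extract(benign, root / "upload1")
        try:
            safe_extract(hostile, root / "upload2")
            out["hostile"] = "extracted"
        except UnsafeArchiveEntry:
            out["hostile"] = "rejected"
        # If the hostile member had been written it would sit at root/outside.txt.
        out["outside_created"] = (root / "outside.txt").exists()
    return out


if __name__ == "__main__":
    print(demo())
```

The two-pass structure matters: checking and writing in a single loop would leave earlier benign members on disk when a later member fails, and an attacker-controlled ordering could exploit that partial state.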
CVE-2025-3928
- Description: An unspecified vulnerability in Commvault Web Server allows authenticated attackers to create and execute web shells, potentially leading to full system compromise.
- Affected Versions: 11.36.0 to 11.36.45, 11.32.0 to 11.32.88, 11.28.0 to 11.28.140, and 11.20.0 to 11.20.216.
- Resolved Versions: 11.36.46, 11.32.89, 11.28.141, and 11.20.217.
- Severity: High, with a CVSS score of 8.7.
- Mitigation: Immediate installation of the resolved maintenance releases on CommServe, Web Servers, and Command Center is crucial. This vulnerability does not impact client computers.
Implications and Impact
The exploitation of these vulnerabilities poses severe risks, including unauthorized access, data breaches, and potential system takeovers. Organizations utilizing Commvault's services must prioritize patching these vulnerabilities to safeguard their data and infrastructure.
Technical Analysis
CVE-2025-34028 involves a path traversal flaw that permits unauthenticated attackers to upload malicious ZIP files. Upon extraction, these files can execute arbitrary code on the server, leading to RCE. This vulnerability underscores the importance of input validation and secure file handling practices. CVE-2025-3928 allows authenticated users to deploy web shells, providing persistent remote access to attackers. This vulnerability highlights the necessity of stringent access controls and continuous monitoring of user activities.
Recommendations
- Immediate Patching: Apply the latest security updates provided by Commvault to address these vulnerabilities.
- Network Segmentation: Isolate critical systems to limit potential lateral movement by attackers.
- Access Controls: Implement strict access policies and regularly review user permissions.
- Monitoring and Logging: Enhance monitoring to detect unusual activities and maintain comprehensive logs for forensic analysis.
- Incident Response Planning: Develop and regularly update incident response plans to swiftly address potential breaches.
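A web shell, as in CVE-2025-3928, is a new or altered server-side script inside a web root, which is exactly what the Monitoring and Logging recommendation above is meant to surface. The following is an added example written for this write-up, not a Commvault tool: a baseline-and-diff integrity check over a web root that hashes every file, compares a later snapshot, and singles out added or modified files with script extensions for triage. The directory layout, the extension list, and the sample files built in `demo()` are constructed assumptions.

```python
"""Web-root integrity baseline that surfaces new or modified script files.

Added example for this write-up, not Commvault tooling: the layout, the
extension list and the sample files are constructed assumptions.
"""
import hashlib
import tempfile
from pathlib import Path

# Server-side executable extensions that warrant triage when they appear or
# change unexpectedly in a web root (assumed list; tune to the deployed stack).
SCRIPT_EXTENSIONS = {".jsp", ".jspx", ".php", ".aspx", ".asp", ".cgi", ".py"}


def snapshot(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    digests: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify changes between two snapshots and flag script files among them."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    suspicious = sorted(p for p in added + modified if Path(p).suffix.lower() in SCRIPT_EXTENSIONS)
    return {"added": added, "removed": removed, "modified": modified, "suspicious_scripts": suspicious}


def demo() -> dict[str, list[str]]:
    """Build a constructed web root, baseline it, simulate changes, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "index.jsp").write_text("<html>home</html>")
        (root / "app" / "logo.png").write_bytes(b"\x89PNG")
        baseline = snapshot(root)
        # Simulated later state: one new script, one edited script, one new image.
        (root / "app" / "upload.jsp").write_text("<!-- placeholder content for the demo -->")
        (root / "app" / "index.jsp").write_text("<html>changed</html>")
        (root / "app" / "banner.png").write_bytes(b"\x89PNG2")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

In practice the baseline is taken right after a verified deployment and stored outside the web server's reach; a scheduled diff then gives the incident-response plan a concrete, timestamped list of files to examine rather than a vague "look for web shells."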
Conclusion
The recent advisories from Commvault serve as a critical reminder of the evolving cyber threat landscape. Organizations must remain vigilant, promptly apply security patches, and adopt comprehensive security measures to protect their data and systems.
Tags
- applicationsecrets
- azure
- cisa
- cloudbackupsecurity
- cloudsecurity
- commvault
- cve-2025-34028
- cve-2025-3928
- cybersecurity
- dataprotection
- enterprisesecurity
- microsoftentra
- pathtraversal
- remotecodeexecution
- saassecurity
- securitypatches
- threatmitigation
- vulnerability
- webshell
- zeroday