Commvault Webserver Vulnerability Let Attackers Compromise Webserver

The flaw affects multiple versions of Commvault’s software across Linux and Windows platforms, posing significant risks of unauthorized access, data exfiltration, and systemic breaches. Commvault’s advisory explicitly warns that “Webservers can be compromised through bad actors creating and executing webshells,” highlighting the direct path to system takeover. Although the exploit specifics remain undisclosed, third-party researchers speculate it involves improper sanitization of user-supplied paths in file upload handlers.

Webshells, typically written in ASP, PHP, or JSP, are often deployed through compromised file upload mechanisms or injection attacks. These stealthy scripts grant persistent remote access, enabling attackers to bypass authentication, manipulate protected data, and pivot to other network resources.

Patched releases were initially rolled out on March 4, 2025, with additional fixes on March 7 to strengthen webserver security. Delaying patches risks exploitation, as webshells can evade traditional detection systems while maintaining covert access. Network segmentation and strict inbound/outbound firewall rules for Commvault’s web ports (e.g., TCP/80, TCP/443) are critical interim measures for environments requiring delayed patching. Additionally, auditing logs for anomalous POST requests to /webconsole/API or unexpected *.jspx file creations can help detect exploit attempts.

With Commvault software integral to global data protection infrastructures spanning the financial, healthcare, and government sectors, this vulnerability demands prioritized remediation. As cybercriminals increasingly target backup systems, securing Commvault environments becomes paramount to ensuring organizational resilience.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 07:10:07 +0000


Cyber News related to Commvault Webserver Vulnerability Let Attackers Compromise Webserver

Commvault Webserver Vulnerability Let Attackers Compromise Webserver - The flaw affects multiple versions of Commvault’s software across Linux and Windows platforms, posing significant risks of unauthorized access, data exfiltration, and systemic breaches. Cyber Security News is a Dedicated News Platform For Cyber ...
1 month ago Cybersecuritynews.com
Commvault RCE Vulnerability Lets Remote Attackers Execute Arbitrary Code - Security researchers have identified a path traversal vulnerability in Commvault Command Center that allows unauthenticated actors to upload malicious ZIP files which, when expanded by the target server, can result in Remote Code Execution (RCE). A ...
5 days ago Cybersecuritynews.com CVE-2025-34028
CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild - CISA has issued a new security warning about a critical vulnerability affecting the Commvault Web Server, built into one of the industry’s leading data protection platforms. This alert comes as security teams worldwide scramble to assess exposure ...
8 hours ago Cybersecuritynews.com CVE-2025-3928
CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks - The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. The flaws were added ...
8 minutes ago Bleepingcomputer.com CVE-2025-42599
Commvault RCE Vulnerability Let Attackers Breach the Vault - PoC Released - The vulnerability, tracked as CVE-2025-34028, could allow attackers to compromise enterprise backup systems without requiring authentication, potentially putting organizations’ most critical data at risk. Cyber Security News is a Dedicated News ...
5 days ago Cybersecuritynews.com CVE-2025-34028
CVE-2017-18044 - A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to ...
5 years ago
CVE-2025-3928 - Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed ...
14 hours ago CVE-2025-3928
Only 13% of organizations are cyber mature - A staggering 83% of organizations have suffered a material security breach recently, with over half occurring in the past year alone, underscoring the critical need for advanced preparedness and agile response strategies, according to Commvault. For ...
9 months ago Helpnetsecurity.com
CVE-2024-34715 - Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes ...
10 months ago
Vulnerability Summary for the Week of February 12, 2024 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise ...
1 year ago Cisa.gov
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
1 month ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa
Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack - Let's say TensorFlow wants to run a set of tests when a GitHub user submits a pull request. TensorFlow can define these tests in a yaml workflow file, used by GitHub Actions, and configure the workflow to run on the `pull request` trigger. One type ...
1 year ago Securityboulevard.com
CVE-2023-41319 - Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded ...
1 year ago
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting - On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting via Shortcode vulnerabilities in WordPress repository plugins. We found over 100 vulnerabilities across 100 plugins which affect ...
1 year ago Wordfence.com
The Last Mile of Encrypting the Web: 2023 Year in Review - At the start of 2023, we sunsetted the HTTPS Everywhere web extension. It encrypted browser communications with websites and made sure users benefited from the protection of HTTPS wherever possible. HTTPS Everywhere ended because all major browsers ...
1 year ago Eff.org
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Vulnerability Summary for the Week of January 15, 2024 - This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Successful attacks require human interaction from a ...
1 year ago Cisa.gov
CVE-2021-30118 - An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is ...
2 years ago
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com
It all adds up: Pretexting in executive compromise - If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords. While ...
9 months ago Securityintelligence.com
Navigating the Cybersecurity Landscape - Cyber threats are diverse and continually evolving, ranging from commonplace scams to highly sophisticated attacks. Let's delve deeper into the nature of prevalent threats, gaining a nuanced understanding that will serve as the foundation for robust ...
1 year ago Feeds.dzone.com
Don't get hacked! Apply the right vulnerability metrics to Kubernetes scans - As you read this, I'd like you to keep in mind that CVSS was never intended to be that end-all software vulnerability scoring system. Doesn't reflect actual risk - CVSS provides a base score that represents the inherent severity of a vulnerability in ...
1 year ago Securityboulevard.com
CVE-2020-15800 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. ...
2 years ago
CVE-2023-40273 - The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning ...
7 months ago
CVE-2020-17526 - Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from ...
3 years ago
