Commvault Command Center patch incomplete: researcher
Briefly

"It seems that the VM that I have is 11.38.25, which contains the fix for CVE-2025-34028, EXCEPT the exploit for CVE-2025-34028 still works against it."
"I talked to them on the phone, and I said, 'Hey, you guys should really update your advisory, because the current advisory indicates that 11.3, 8.20, is fixed now.'"
Commvault's Command Center faced a critical flaw, CVE-2025-34028, that jeopardized data protection by allowing remote code execution through ZIP files. Despite an update aimed at fixing the vulnerability, users of free trial versions found themselves unprotected. Cybersecurity expert Will Dormann reported that although he had the supposedly fixed version, the flaw was still exploitable without installing additional updates that are difficult to access. CISA urged all users to update, but inconsistent protection for trial users dramatically raised security concerns.
Read at The Register