Commvault Command Center patch incomplete: researcher
Briefly

Commvault's Command Center was affected by CVE-2025-34028, a critical flaw that allows remote code execution through ZIP files. Despite an update intended to fix the vulnerability, users of free trial versions remained unprotected. Cybersecurity expert Will Dormann reported that although he was running the supposedly fixed version, the flaw was still exploitable unless additional updates, which are difficult to access, were installed. CISA urged all users to update, but the inconsistent protection for trial users raised serious security concerns.
It seems that the VM that I have is 11.38.25, which contains the fix for CVE-2025-34028, EXCEPT the exploit for CVE-2025-34028 still works against it.
I talked to them on the phone, and I said, 'Hey, you guys should really update your advisory, because the current advisory indicates that 11.38.20 is fixed now.'
Read at The Register