The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting Commvault Command Center.
Technical Details
A threat researcher named Sonny Macdonald discovered a path traversal vulnerability in Commvault Command Center that allows remote code execution. The vulnerability has a CVSS score of 9.0/10.
Affected Products:
The specific vulnerability affects only the 11.38 release.
Recommendations
Affected versions are 11.38.0 through 11.38.19, on both Windows and Linux. Commvault pushes the updates automatically, without the need for manual intervention.
However, Commvault said that if it’s not possible to install the update, the Command Center should be isolated from external network access.
References
The information presented in this report is based on available data up to the 28th of April 2025.