A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0. CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities Catalog, urging users to patch it before May 23, 2025.
