Subj : Commvault backup systems have an extremely worrying security issue
To   : All
From : TechnologyDaily
Date : Fri Apr 25 2025 15:45:07

Commvault backup systems have an extremely worrying security issue, so patch now
Date: Fri, 25 Apr 2025 14:31:00 +0000
Description: Commvault bug affects multiple versions, but a patch is already available.

FULL STORY
======================================================================

- A critical-severity security flaw was found in Commvault Command Center
- It allows threat actors to run arbitrary code remotely and without authentication
- The vulnerability could lead to complete compromise

Cybersecurity researchers from watchTowr recently discovered a critical-severity flaw in Commvault Command Center that could allow threat actors to run arbitrary code remotely and without authentication.

Commvault Command Center is a web-based interface that provides centralized management for data protection, backup, recovery, and compliance across hybrid environments. It is used by thousands of companies worldwide across industries such as healthcare, finance, government, and manufacturing.

The vulnerability is tracked as CVE-2025-34028 and has a severity score of 9.0/10 (critical).

"A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication," the security advisory said.
This vulnerability could lead to a complete compromise of the Command Center environment. Fortunately, other installations within the same system are not affected by this vulnerability.

Since this flaw allows remote attackers to execute arbitrary code without authentication, a threat actor could exploit it to gain unauthorized access to, for example, a government agency's backup system. Once inside, they could manipulate or delete sensitive data, disrupt operations, or install malware to maintain control. This could lead to data breaches, operational downtime, and loss of public trust. Ultimately, if classified information ends up being exposed, it could turn into a national security issue.

Multiple versions are affected by the vulnerability: the 11.38 Innovation Release, from versions 11.38.0 through 11.38.19. Users looking to mitigate the flaw should upgrade to versions 11.38.20 and 11.38.25.

So far, there is no evidence of abuse in the wild, and there is no proof-of-concept (PoC) just yet. However, most threat actors aren't looking for zero-day vulnerabilities; they are rather waiting for security researchers to find and patch a flaw. They are betting that many users won't patch their endpoints on time, remaining vulnerable and thus easily exploitable.

Via The Hacker News

======================================================================
Link to news story: https://www.techradar.com/pro/security/commvault-backup-systems-have-an-extremely-worrying-security-issue-so-patch-now

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
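As an added example (not part of the article or of Commvault's own tooling), a small inventory check that sorts reported Command Center versions into affected / not affected / unknown using only the range the story states for CVE-2025-34028 (11.38.0 through 11.38.19, fixed in 11.38.20 and 11.38.25). It assumes versions are reported as "MAJOR.MINOR.PATCH"; any other format is flagged as unknown rather than treated as safe.

```python
"""Is a reported Commvault version inside the range the article names as
affected by CVE-2025-34028? Added example, not Commvault's code. Assumes
the version string has the form "11.38.19" (MAJOR.MINOR.PATCH)."""
from typing import List, Optional, Tuple

# Range stated in the article for the 11.38 Innovation Release line.
AFFECTED_LINE = (11, 38)
AFFECTED_FIRST_PATCH = 0
AFFECTED_LAST_PATCH = 19   # 11.38.20 and 11.38.25 are the named fixed releases


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse "11.38.19" into (11, 38, 19). Returns None for anything that is
    not exactly three dot-separated integers, so build suffixes such as
    "11.38.19.123" surface as an explicit None instead of a silent guess."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True inside the affected range, False outside it (including the fixed
    releases and other release lines the article does not name), None if the
    string cannot be parsed. Treat None as 'unknown', never as 'safe'."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    if (major, minor) != AFFECTED_LINE:
        return False  # other release lines are not named as affected
    return AFFECTED_FIRST_PATCH <= patch <= AFFECTED_LAST_PATCH


def triage(versions: List[str]) -> dict:
    """Bucket a list of reported versions for follow-up."""
    buckets = {"affected": [], "not_affected": [], "unknown": []}
    for v in versions:
        result = is_affected(v)
        key = "unknown" if result is None else ("affected" if result else "not_affected")
        buckets[key].append(v)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["11.38.0", "11.38.19", "11.38.20", "11.38.25", "11.36.40", "11.38.19.1"]
    for name, items in triage(sample).items():
        print(f"{name}: {items}")
```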