Commvault: Vulnerability Patch Works as Intended
Commvault, Friday, May 9th, 2025
The security researcher who questioned the effectiveness of a patch for a recently disclosed bug in Commvault Command Center did not test the patched version, the company says.
Commvault has disputed a security researcher's claims that an exploit for a recently disclosed maximum severity vulnerability, tracked as CVE-2025-34028, in its Command Center Web-based management interface remains effective even in recently updated versions of the software.
In comments to Dark Reading, Commvault spokesperson Ross Camp called researcher Will Dormann's observation earlier this week inaccurate. He attributed the issue to Dormann not being registered with Commvault, which prevented him from accessing and applying the appropriate update.