Commvault security advisory (AV25–249)

Serial number: AV25-249
Date: May 5, 2025

On April 11, 2025, Commvault published a security advisory to address a critical vulnerability in the following product:

Commvault – versions 11.38.0 to 11.38.19

Open-source reporting has indicated that CVE-2025-34028 may have been exploited.

On May 2, 2025, CISA added CVE-2025-34028 to their Known Exploited Vulnerabilities (KEV) Catalog.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates if available.

CISA - Known Exploited Vulnerabilities Catalog
Commvault Security Advisories - CV_2025_04_1
Commvault Cloud Security Advisories

Date modified:: 2025-05-05

Language selection

Search

Commvault security advisory (AV25–249)