Commvault backup systems have an extremely worrying security issue, so patch now
Commvault bug affects multiple versions, but a patch is already available.

- A critical-severity security flaw was found in Commvault Command Center
- It allows threat actors to run arbitrary code remotely and without authentication
- Vulnerability could lead to complete compromise
Cybersecurity researchers from watchTowr recently discovered a critical-severity flaw in Commvault Command Center that could allow threat actors to run arbitrary code remotely and without authentication.
Commvault Command Center is a web-based interface that provides centralized management for data protection, backup, recovery, and compliance across hybrid environments, used by thousands of companies worldwide across industries like healthcare, finance, government, and manufacturing.
The vulnerability is tracked as CVE-2025-34028, and has a severity score of 9.0/10 (critical).
“A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication,” the security advisory said.
“This vulnerability could lead to a complete compromise of the Command Center environment. Fortunately, other installations within the same system are not affected by this vulnerability.”
Since this flaw allows remote attackers to execute arbitrary code without authentication, a threat actor could exploit it to gain unauthorized access to, for example, a government agency's backup system.
Once inside, they could manipulate or delete sensitive data, disrupt operations, or install malware to maintain control.
This could lead to data breaches, operational downtime, and loss of public trust. Ultimately, if classified information ends up being exposed, it could turn into a national security issue.
Multiple versions are affected by the vulnerability: the 11.38 Innovation Release, from version 11.38.0 through 11.38.19. Users looking to mitigate the flaw should update to version 11.38.20 or 11.38.25.
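The version range above is the kind of fact that gets copied by hand into a spreadsheet and then mis-read. The following is an added example, not code from the article or from Commvault, that checks an inventory of Command Center hosts against the affected range the article gives (11.38.0 through 11.38.19) and the fix releases it names (11.38.20 and 11.38.25). The inventory, hostnames and the assumption that any 11.38 build from 11.38.20 upward carries the fix are constructed here for illustration; versions outside the 11.38 line are reported as not covered by the article rather than as safe.

```python
import re

# Affected range and fix releases as stated in the article (CVE-2025-34028).
AFFECTED_LINE = (11, 38)
AFFECTED_PATCH_LEVELS = range(0, 20)        # 11.38.0 .. 11.38.19
FIXED_VERSIONS = ("11.38.20", "11.38.25")   # releases the article says to move to
# Assumption for this example: builds at or above 11.38.20 include the fix.
FIRST_FIXED_PATCH = 20

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Parse 'major.minor.patch' into an int tuple; reject anything else."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Commvault version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(version_text):
    """Classify one version string.

    Returns 'affected' for 11.38.0-11.38.19, 'fixed' for 11.38.20 and later,
    and 'not-listed' for any other release line (the article does not cover it,
    so it must not be reported as safe without checking the vendor advisory).
    """
    major, minor, patch = parse_version(version_text)
    if (major, minor) != AFFECTED_LINE:
        return "not-listed"
    if patch in AFFECTED_PATCH_LEVELS:
        return "affected"
    if patch >= FIRST_FIXED_PATCH:
        return "fixed"
    return "not-listed"  # unreachable for 11.38, kept for clarity


def triage(inventory):
    """Group hosts by finding. `inventory` is an iterable of (host, version)."""
    findings = {"affected": [], "fixed": [], "not-listed": [], "unparseable": []}
    for host, version in inventory:
        try:
            findings[assess(version)].append(host)
        except ValueError:
            findings["unparseable"].append(host)
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("cc-prod-01.example.internal", "11.38.19"),
    ("cc-prod-02.example.internal", "11.38.20"),
    ("cc-dr-01.example.internal", "11.38.0"),
    ("cc-lab-01.example.internal", "11.36.40"),
    ("cc-legacy.example.internal", "unknown"),
]

if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for host in report["affected"]:
        print(f"{host}: AFFECTED, upgrade to one of {', '.join(FIXED_VERSIONS)}")
    for host in report["not-listed"]:
        print(f"{host}: outside the 11.38 range the article lists; check the advisory")
    for host in report["unparseable"]:
        print(f"{host}: version string not understood; verify manually")
```

Feed it whatever produces your real host list (CMDB export, agent inventory) and treat every host in `affected` or `unparseable` as work to do; the `not-listed` bucket exists precisely so that an unfamiliar release line is a question for the vendor advisory, not a silent pass.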
So far, there is no evidence of abuse in the wild, and there is no proof-of-concept (PoC) just yet. However, most threat actors aren’t looking for zero-day vulnerabilities, but are rather waiting for security researchers to find and patch a flaw.
They are betting that many users won’t patch their systems in time, leaving them vulnerable and easily exploitable.
Via The Hacker News