Back to search
CVE-2024-13975
Published: Jul 25, 2025
Modified: Nov 22, 2025
PUBLISHED
Description
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8.
| Vendor | Product | Versions |
|---|---|---|
Commvault | Commvault | affected 11.20.0 - < 11.32.60affected 11.28.0 - < 11.32.60affected 11.32.0 - < 11.32.60affected 11.34.0 - < 11.34.34affected 11.36.0 - < 11.36.8 |
Weaknesses (CWE)
References
https://documentation.commvault.com/securityadvisories/CV_2024_09_1.html
vendor-advisory
patch
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now