Back to search
CVE-2025-34136
Published: Jul 25, 2025
Modified: Nov 19, 2025
PUBLISHED
Description
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.
| Vendor | Product | Versions |
|---|---|---|
Commvault | Commvault | affected 11.32.0 - <= 11.32.93affected 11.36.0 - <= 11.36.51affected 11.38.0 - <= 11.38.19 |
Weaknesses (CWE)
References
https://documentation.commvault.com/securityadvisories/CV_2025_04_2.html
vendor-advisory
patch
https://www.vulncheck.com/advisories/commvault-commserve-web-server-unauth-sqli
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now