Primary

Context

Commvault Windows Local Privilege Escalation Vulnerability

Vulnerability

Patched

A local privilege escalation vulnerability exists in Commvault for Windows in versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker with the file server agent installed on their client system can compromise any assigned Windows access nodes. This vulnerability may lead to unauthorized access or lateral movement within the backup infrastructure.

Impact

Exploitation of this vulnerability could allow a local attacker to escalate privileges, potentially leading to unauthorized access or lateral movement within the backup infrastructure by compromising assigned Windows access nodes.

Remediation

Users can upgrade to Commvault versions 11.32.60, 11.34.34, or 11.36.8 to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.0

exploitability

3.5

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.0

exploitability

3.5

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Commvault Windows Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Commvault

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating