Primary

Context

Commvault DLL Injection Vulnerability in Windows Maintenance Installer

Vulnerability

Patched

A DLL injection vulnerability has been identified in Commvault versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0 for Windows. This vulnerability allows an attacker with local access to exploit uncontrolled search path or DLL loading behavior during the installation of maintenance updates, potentially leading to arbitrary code execution with elevated privileges.

Impact

Exploitation of this vulnerability allows for DLL injection, enabling local attackers to execute arbitrary code with elevated privileges.

Remediation

Users can upgrade to Commvault versions 11.20.202, 11.28.124, 11.32.65, 11.34.37, or 11.36.15 to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

3.5

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

3.5

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Commvault DLL Injection Vulnerability in Windows Maintenance Installer

Vulnerability

Impact

Remediation

Affected Products

Commvault

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating