Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Commvault Web Server Unspecified Vulnerability Allowing Webshell Execution

Vulnerability

A vulnerability has been identified in Commvault Web Server that allows remote, authenticated attackers to create and execute webshells. This issue affects several versions of Commvault software on both Windows and Linux platforms. The vulnerability was first exploited as a zero-day and, according to CISA, has been linked to recent cyber threat activity targeting Commvault's SaaS cloud application, Metallic.

Impact

Exploitation of this vulnerability could lead to unauthorized webshells being executed on the affected web server, potentially allowing for further exploitation of the server or the environment.

Remediation

Users are advised to update to Commvault versions 11.36.46, 11.32.89, 11.28.141, or 11.20.217. For Commvault SaaS customers, no action is required as patches are automatically deployed. On-premises customers should apply the latest updates and follow best practices for securing Commvault applications.
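Added example (not part of the advisory or of Commvault's tooling): a small triage helper that checks an installed Commvault build against the fixed versions listed above. It assumes version strings take the form major.feature.maintenance (e.g. 11.36.40) and that each 11.NN feature release is patched independently at the build named for it; host names and builds in the sample inventory are constructed.

```python
from typing import Tuple

# Fixed builds named in the advisory, keyed by (major, feature release).
# Assumption: each line 11.NN is patched independently at the listed build.
FIXED_BUILDS = {
    (11, 36): (11, 36, 46),
    (11, 32): (11, 32, 89),
    (11, 28): (11, 28, 141),
    (11, 20): (11, 20, 217),
}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.feature.maintenance' (e.g. '11.36.40') into a tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Commvault version string: {text!r}")
    major, feature, maintenance = (int(p) for p in parts)
    return major, feature, maintenance

def patch_status(installed: str) -> str:
    """
    'patched'      - at or above the fixed build for its feature release
    'vulnerable'   - below the fixed build for its feature release
    'unknown-line' - feature release not listed in the advisory; check vendor notes
    """
    version = parse_version(installed)
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "unknown-line"
    # Tuple comparison orders (major, feature, maintenance) numerically,
    # so '11.28.141' does not sort below '11.28.99' as a string compare would.
    return "patched" if version >= fixed else "vulnerable"

def triage(inventory: dict) -> dict:
    """Map host name -> patch status for an inventory of installed versions."""
    return {host: patch_status(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and builds).
    sample = {
        "cs-prod-01": "11.36.40",
        "cs-prod-02": "11.36.46",
        "cs-dr-01": "11.28.150",
        "cs-lab-01": "11.24.3",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Builds on a feature release the advisory does not name (including newer lines) are reported as unknown-line rather than assumed safe, so they need to be checked against the vendor's own release notes.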

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread           4.5
  impact           7.5
  exploitability   6.6
  remediation      7.7
  relevance        0.0
  threat           8.6
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.