35 advisories tracked · Commvault Cloud Security Advisories · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in Commvault's recent advisories.
Commvault Cloud Security Advisories
Polled by parsing the official Commvault security-advisories index (documentation.commvault.com), which lists every CV_YYYY_MM_N advisory with its CVEs and dates. Advisory pages are fetched for new items to extract severity, impacted products and the Feature Release / Maintenance Release fix table.
Visit Commvault security advisoriesLibcurl - Cookie Leakage Due to Stale Host Header Handling
libcurl – Cross Proxy Digest Authentication State Leak
Impact Assessment for CVE-2025-15467 and CVE-2024-5535 (OpenSSL)
OTP Invalidation Missing Upon Regeneration
MongoBleed: MongoDB Memory Disclosure Vulnerability (CVE-2025-14847)
Stored Cross-Site Scripting Vulnerability
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.CVSS Score: 8.7 High Commvault Software The following versions are impacted. Versions that are not listed are either out of support or unaffected. To view version support lifecyle, see Platform Release Schedule and Lifecycles. Product Platforms Affected Versions Resolved Version Status Commvault Linux, Windows 11.32.0 - 11.32.101 11.32.102 Resolved Commvault Linux, Windows 11.36.0 - 11.36.59 11.36.60 Resolved
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.CVSS Score: 6.9 Medium Commvault Software The following versions are impacted. Versions that are not listed are either out of support or unaffected. To view version support lifecyle, see Platform Release Schedule and Lifecycles. Product Platforms Affected Versions Resolved Version Status Commvault Linux, Windows 11.32.0 - 11.32.101 11.32.102 Resolved Commvault Linux, Windows 11.36.0 - 11.36.59 11.36.60 Resolved
Argument Injection Vulnerability in CommServe
Vulnerability in Initial Administrator Login Process
Tomcat Denial of Service Vulnerabilities
Handling Report Export Functionality
Authorization Schema Access Controls
Vulnerability in Commvault Command Center Installation
CVE.Org link: CVE-2025-3928 Save as PDF A vulnerability has been identified and remediated in all supported versions of the Commvault software. Webservers can be compromised through bad actors creating and executing webshells. Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment. Unauthenticated access is not exploitable. For software customers, this means your environment must be: (i) accessible via the internet, (ii) compromised through an unrelated avenue, and (iii) accessed leveraging legitimate user credentials.
Save as PDF A security vulnerability has been identified in the CommServe and Web Server installation that allows a remote SQL Injection attack without authentication. Other installations in the same system are not compromised by this vulnerability.CVSS Score: 5.5
Apache Tomcat Remote Code Execution (CVE-2025-24813) Vulnerability
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability
Curl advisory
DLL Injection Vulnerability in the Software Installation Path
SQL Injection and Command Injection Advisory
Security vulnerability in Windows access nodes that are used for file server data protection
OpenSSH Security Regression (CVE-2006-5051) Vulnerability
Red Hat Enterprise Linux (RHEL) Malicious Injection Vulnerability
Apache Struts 2 Vulnerability
Heap Based Buffer Overflow Vulnerability in cURL
Remote Code Execution Vulnerability in Apache ActiveMQ
CVE.Org link: CVE-2023-4863 Save as PDF
Save as PDF Impacted Products With the recent announcement of the Volt Typhoon cyber campaign, our team has conducted a thorough security assessment of Commvault and Commvault Cloud services and have found no impact to the security, privacy, or integrity of your data backups. Resolution We also recommend you to check your Commvault and Commvault Cloud environment to ensure security controls such as the following are active:MFA is properly configured and up to dateDual authorization workflows are in place for backup and restore operationsCompliance locks are enabled for services, apps, and backup destinationsAdditionally, for customers looking for an extra layer of protection, we encourage you to evaluate ThreatWise, capable of surfacing zero-day and unknown threats in production environments. On this page
Remote Memory Corruption Vulnerability in OpenSSL
Remote Code Execution Vulnerability in Apache Common Text
Remote Code Execution Vulnerability in the Spring Framework
Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products
Local Privilege Escalation Vulnerability in Polkit's pkexec Utility
Authentication Bypass Vulnerabilities on CVWebService Endpoint