CVE-2025-34136 Information

Description

An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93 11.36.0 - 11.36.51 and 11.38.0 - 11.38.19 Web Server component that allows a remote unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.

Reference

https://documentation.commvault.com/securityadvisories/CV_2025_04_2.html https://www.vulncheck.com/advisories/commvault-commserve-web-server-unauth-sqli

Related CNNVD

CNNVD-202507-3285 (Published: 2025-07-25)