← back
CVE-2025-34136

Commvault CommServe Web Server Unauthenticated SQL Injection

CVSS 6.9 MEDIUMEPSS 0.4%CWE-89
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Commvault · Commvault

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://documentation.commvault.com/securityadvisories/CV_2025_04_2.htmlhttps://www.vulncheck.com/advisories/commvault-commserve-web-server-unauth-sqli