Commvault CommServe Web Server Unauthenticated SQL Injection_CVE-2025-34136

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.

Basic Information

ID CVE-2025-34136

Source VulnCheck

Published Jul 25, 2025 at 15:49

Modified Jul 25, 2025 at 18:31

Affected Product

Vendor Commvault

Product Commvault

Version 11.32.0

Affected Versions Commvault Commvault 11.32.0
Commvault Commvault 11.36.0
Commvault Commvault 11.38.0

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.",
    "published": "2025-07-25T15:49:23.837Z",
    "modified": "2025-07-25T18:31:26.584Z",
    "type": "cve",
    "title": "Commvault CommServe Web Server Unauthenticated SQL Injection",
    "source": "VulnCheck",
    "references": "https://documentation.commvault.com/securityadvisories/CV_2025_04_2.html\nhttps://www.vulncheck.com/advisories/commvault-commserve-web-server-unauth-sqli",
    "id": "CVE-2025-34136",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Commvault Commvault 11.32.0\nCommvault Commvault 11.36.0\nCommvault Commvault 11.38.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Commvault",
    "version": "11.32.0",
    "vendor": "Commvault",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}