Commvault
Commvault · Infrastructure
20/100 Critical · exploited
Summary
Plain-English security verdict for Commvault, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Commvault currently scores 20/100 — critical, with active exploitation. 2 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2025-34028. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend
New CVEs published for Commvault each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
[Bar chart: CVEs per year, x-axis '19 to '26; bar values not preserved.]
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2025-34028 CRITICAL ● exploited Path traversal EPSS 69% → fixed in 11.38.20
CVE-2025-3928 HIGH ● exploited EPSS 29% → fixed in 11.36.46
CVE-2017-18044 CRITICAL OS command injection EPSS 83% → see advisory
CVE-2025-57788 MEDIUM CWE-259 EPSS 81% → fixed in 11.36.60
CVE-2025-57790 HIGH CWE-36 EPSS 46% → fixed in 11.36.60
CVE-2025-57791 MEDIUM CWE-88 EPSS 38% → fixed in 11.36.60
Lifecycle unknown — needs latest supported version