On May 25, a critical vulnerability was found in Commvault’s Command Center environment. The vulnerability, rated at the highest severity of CVSS 10, allows unauthenticated remote code execution. The danger is severe: exploitation would completely compromise the Command Center itself, leaking sensitive information and interrupting vital Command Center operations.

The vulnerability was found by Sonny Macdonald, a researcher with watchTowr Labs. In line with his professional ethics, Macdonald reported the weakness to the US Government on April 7, 2025. Commvault first became aware of the issue and notified users via a security advisory published on April 17, 2025.

The vulnerability resides in a web interface component called “deployWebpackage.do”. An attacker able to exploit this flaw could run arbitrary code on the machine without any authentication.

Commvault stated the flaw "could lead to a complete compromise of the Command Center environment." Such a compromise would not only put sensitive data at risk but also impair essential operations.

Agnidipta Sarkar, VP CISO Advisory at ColorTokens, underscored how severe the vulnerability is. He highlighted the urgency of the situation and called for transformative action to fix it.

"This CVSS 10 flaw allows unauthenticated remote code execution, risking full compromise of Commvault’s Command Center. Immediate, sustained mitigation is essential. If full network shutdown isn’t feasible, tools like Xshield Gatekeeper can quickly isolate critical systems. Without action, the threat of ransomware and data loss is severe." - Agnidipta Sarkar

Sarkar advocates immediate, sustained mitigation because of the vulnerability's severity. For organizations unable to perform a full network shutdown, he suggests using tools like Xshield Gatekeeper to quickly isolate critical systems.
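While isolation and patching are under way, defenders can check whether the “deployWebpackage.do” component has been requested from outside their management networks. The following Python sketch is an added example, not code from Commvault or watchTowr; it assumes access logs in Apache/nginx "combined" format, a hypothetical trusted management range, and constructed sample log lines.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

ENDPOINT = "deploywebpackage.do"  # component named in the article, lower-cased
# Assumption: management networks permitted to reach Command Center.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Constructed sample lines (documentation IP ranges, hypothetical URL prefix).
SAMPLE = [
    '203.0.113.7 - - [18/Apr/2025:02:14:09 +0000] "POST /commandcenter/deployWebpackage.do HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '10.20.0.15 - - [18/Apr/2025:09:00:01 +0000] "POST /commandcenter/deployWebpackage.do HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [18/Apr/2025:03:40:55 +0000] "GET /commandcenter/DeployWebPackage%2Edo?x=1 HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.7 - - [18/Apr/2025:02:15:00 +0000] "GET /commandcenter/login.do HTTP/1.1" 200 2048 "-" "curl/8.5.0"',
]

def is_untrusted(client):
    """True when the client is outside every trusted network."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return True  # hostname or garbage in the client field: review it
    return not any(addr in net for net in TRUSTED_NETS)

def find_endpoint_hits(lines):
    """Map untrusted source -> [(timestamp, method, status)] for the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string and decode percent-encoding before comparing,
        # so case and encoding variants of the file name are still caught.
        path = unquote(urlsplit(m["target"]).path).lower().rstrip("/")
        if path.endswith("/" + ENDPOINT) and is_untrusted(m["ip"]):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_endpoint_hits(SAMPLE).items():
        for ts, method, status in events:
            print(f"{src} {ts} {method} -> {status}")
```

Any hit from an untrusted source on an unpatched system warrants review of the host, regardless of the response status logged.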

The discovery of this vulnerability highlights the urgent need for defensive security by design. In this climate, organizations need to reduce the time required to apply security updates. Users of Commvault's Command Center are strongly advised to review Commvault's security advisory and apply the necessary patches immediately to protect their systems from potential attacks.