A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations.

The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0.

"A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication," Commvault said in an advisory published on April 17, 2025. "This vulnerability could lead to a complete compromise of the Command Center environment."