The Register: Commvault fixes critical Command Center issue after flaw finder alert

Source URL: https://www.theregister.com/2025/05/13/patch_commvault_cvss_10/
Source: The Register

Feedly Summary: Pay-to-play security on CVSS 10 issue is now fixed
An update that fixed a critical flaw in data protection biz Commvault’s Command Center was initially not available to a significant user subset – those testing out a free trial version of the product. That is, until a security researcher pointed out the problem.…


Summary: The text discusses a critical flaw in Commvault’s Command Center and the security implications of a fix that was initially unavailable to certain users, specifically those on a free trial. The situation underscores the importance of timely security updates and equitable access to fixes for all users, which is crucial for maintaining information security.

Detailed Description: The text addresses a vulnerability rated CVSS 10, the maximum score on the CVSS scale, indicating serious consequences if exploited. The key points are:

– **Vulnerability Identification**: A critical flaw was discovered in Commvault’s Command Center, which is pivotal for data management and protection.
– **Access to Fixes**: The update that fixed the flaw was initially not available to users testing a free trial version of the product, raising questions about equitable access to critical security updates.
– **Response by Security Researcher**: A security researcher pointed out the problem, after which the fix was made available.
– **Implications for Users**: Users on trial versions of software should receive the same level of security support as full-paying customers to mitigate risks associated with vulnerabilities.

**Practical Implications for Security Professionals**:
– Organizations must ensure that all users have access to security updates, regardless of their subscription status.
– Continuous monitoring and rapid response to vulnerabilities are essential to protect systems and data integrity.
– Awareness and communication between security researchers and companies can lead to quicker resolution of critical vulnerabilities.