Follow Up: CVE-2025-34028

Arctic Wolf published a security bulletin warning of CVE-2025-34028, a maximum-severity pre-auth SSRF in Commvault Command Center that can lead to unauthenticated RCE via a crafted ZIP/JSP; a public proof-of-concept and CISA KEV listing increase the risk of exploitation, so organizations should apply the specified additional updates for affected 11.38.20/11.38.25 builds and remove any publicly exposed Command Center instances.