DLL Injection Vulnerability in Commvault for Windows
CVE-2024-13976

8.5HIGH

Key Information:

Vendor

Commvault

Status
Commvault For Windows
Vendor
CVE Published:
25 July 2025

What is CVE-2024-13976?

A DLL injection vulnerability is present in Commvault for certain versions of Windows, which allows attackers with local access to exploit uncontrolled search path or DLL loading behavior. This exploitation can lead to the execution of arbitrary code with elevated privileges during maintenance update installations. This issue has been addressed in the latest versions, ensuring users are protected against potential unauthorized access.

Affected Version(s)

Commvault for Windows Windows 11.20.0 < 11.20.202

Commvault for Windows Windows 11.28.0 < 11.28.124

Commvault for Windows Windows 11.32.0 < 11.32.65

References

https://documentation.commvault.com/securityadvisories/CV...
vendor-advisorypatch
https://www.vulncheck.com/advisories/commvault-for-window...
third-party-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Commvault
JSON
.
CVE-2024-13976 : DLL Injection Vulnerability in Commvault for Windows