crowdsec-automation
This rule detects exploitation attempts for CVE-2025-34028, a vulnerability in Commvault Command Center's /commandcenter/deployWebpackage.do endpoint that allows SSRF and path traversal. The detection logic is as follows:

  • The first rule block matches requests to the vulnerable endpoint by checking if the URI contains /commandcenter/deploywebpackage.do, using a lowercase transform for case insensitivity.
  • The second rule block inspects the commcellName parameter in the POST body. If it contains the substring http (case-insensitive, with urldecode), it is likely an attempt to trigger SSRF, as the exploit uses a URL in this parameter.
  • The rule avoids false positives by only matching on the relevant endpoint and parameter, and by not matching on generic patterns.
  • The labels section includes the correct CVE, ATT&CK, and CWE references, and the label is formatted as required.

Validation checklist:

  • All value: fields are lowercase.
  • All relevant transforms include lowercase.
  • No match.value contains capital letters.
  • The rule uses contains instead of regex where applicable.

Exploit URL: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-34028.yaml
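
The detection logic and validation checklist described in the comment above, emulated as an added example (not part of the original comment and not the rule merged by the project). The `RULE` structure, the transform order, the form-encoded body and the sample requests are all assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote

# Constructed stand-in for the two rule blocks described above (not the merged YAML).
RULE = [
    {"zone": "URI", "transform": ["lowercase"],
     "match": {"type": "contains", "value": "/commandcenter/deploywebpackage.do"}},
    {"zone": "BODY_ARGS", "variable": "commcellName",
     "transform": ["urldecode", "lowercase"],  # order is an assumption
     "match": {"type": "contains", "value": "http"}},
]
TRANSFORMS = {"lowercase": str.lower, "urldecode": unquote}


def lint(rule):
    """Apply the validation checklist; return a list of problems found."""
    problems = []
    for i, cond in enumerate(rule):
        value = cond["match"]["value"]
        if value != value.lower():
            problems.append(f"block {i}: match value contains capital letters")
        if "lowercase" not in cond["transform"]:
            problems.append(f"block {i}: lowercase transform missing")
    return problems


def matches(rule, uri, body):
    """True only when every block matches (the blocks are ANDed)."""
    args = dict(parse_qsl(body, keep_blank_values=True))  # form-encoded body assumed
    for cond in rule:
        target = uri if cond["zone"] == "URI" else args.get(cond["variable"])
        if target is None:  # parameter absent: nothing to inspect
            return False
        for name in cond["transform"]:
            target = TRANSFORMS[name](target)
        if cond["match"]["value"] not in target:
            return False
    return True


if __name__ == "__main__":
    endpoint = "/commandcenter/deployWebpackage.do"
    samples = [  # constructed requests
        (endpoint, "commcellName=HTTPS%3A%2F%2Fexample.invalid%2Fx&version=1"),
        (endpoint, "commcellName=backup-cell-01"),
        ("/commandcenter/login.do", "commcellName=http%3A%2F%2Fexample.invalid"),
    ]
    for uri, body in samples:
        print(matches(RULE, uri, body), uri, body)
```

Because the second block is a plain substring test, a constructed value such as `httpd-backup` in `commcellName` also matches; the endpoint condition is what keeps the rule narrow.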

Hello @crowdsec-automation and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2025-34028 🔴

Hello @crowdsec-automation,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

github-actions bot commented Jun 4, 2025

Hello @buixor,

✅ The new VPATCH Rule is compliant, thank you for your contribution!

github-actions bot commented Jun 4, 2025

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

github-actions bot commented Jun 5, 2025

Hello @buixor and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2024-1061 🔴
🔴 crowdsecurity/vpatch-CVE-2024-1071 🔴
🔴 crowdsecurity/vpatch-CVE-2023-0600 🔴
🔴 crowdsecurity/vpatch-CVE-2023-2009 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6567 🔴
🔴 crowdsecurity/vpatch-CVE-2023-23488 🔴
🔴 crowdsecurity/vpatch-CVE-2023-23489 🔴
🔴 crowdsecurity/vpatch-CVE-2023-4634 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6623 🔴
🔴 crowdsecurity/vpatch-CVE-2023-0900 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6360 🔴

github-actions bot commented Jun 5, 2025

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

github-actions bot commented Aug 6, 2025

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

github-actions bot commented Aug 7, 2025

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

github-actions bot commented Aug 7, 2025

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

github-actions bot commented Aug 7, 2025

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@buixor buixor self-assigned this Aug 7, 2025