CVE-2025-57788

Published Aug 20, 2025

Last updated 7 months ago

CVSS medium 6.9
Commvault

Overview

Description
An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.
Source
cve@mitre.org
NVD status
Analyzed
Products
commvault

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
2.5
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

cve@mitre.org
CWE-259

Social media

Hype score
Not currently trending

  1. Connect your AI to the StorageGuard MCP Server to inspect configs, fix vulnerabilities, and validate compliance across #storage & #backup: “Fix bad ACLs.” “Check CVE-2025-57788 and build a mitigation plan.” https://t.co/HOyBXURMj3 https://t.co/oOkoQvCexu

    @ContinuitySoft

    15 Dec 2025

    16 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨Upozorňujeme na sérii zranitelností v platformě pro zálohování a správu dat Commvault Backup & Recovery, CVE-2025-57790, CVE-2025-57789, CVE-2025-57788. Při postupném zneužití těchto chyb může útočník získat neoprávněný přístup, zvýšit svá oprá

    @GOVCERT_CZ

    25 Aug 2025

    1023 Impressions

    4 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Commvault patches pre-auth RCE bugs (CVE-2025-57788–91) that can be chained into two exploit paths—one works universally, another if admin password is default. Versions before 11.36.60 are vulnerable. Patch now! More: https://t.co/UnpGOvX9wQ https://t.co/4POQUP8yPq

    @sctocs25

    22 Aug 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-29927 CVE-2025-43300 CVE-2025-57788 (@chudyPB, Sonny) CVE-2025-9132 (@GoogleDeepMind) CVE-2025-9074 CVE-2025-57790 CVE-2025-57789 CVE-2025-57791 CVE-2024-41787

    @ptdbugs

    22 Aug 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Vulnerability Alert: Multiple pre-auth flaws in Commvault (CVE-2025-57788 to 57791) can be chained for remote code execution. One chain exploits default admin credentials if unchanged post-install. Update to 11.36.60 or 11.32.102 immediately. SaaS version not affected. https:/

    @CloneSystemsInc

    22 Aug 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. csirt_it: ‼️ #Commvault: disponibili #PoC per lo sfruttamento delle CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 e CVE-2025-57791 Rischio: 🟠 Tipologia: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/qodv8GgEo6 ⚠ Importante aggi… https://t

    @Vulcanux_

    21 Aug 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ‼️ #Commvault: disponibili #PoC per lo sfruttamento delle CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 e CVE-2025-57791 Rischio: 🟠 Tipologia: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/TmpqLKUiRz ⚠ Importante aggiornare i software inter

    @csirt_it

    21 Aug 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. We're back - returning to the scene of the "crime" - to demonstrate 2 pre-auth RCE chains against Commvault (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791) Enjoy, and speak soon 😉 https://t.co/s1cHuPSi1b

    @watchtowrcyber

    20 Aug 2025

    14280 Impressions

    39 Retweets

    113 Likes

    27 Bookmarks

    1 Reply

    4 Quotes

  9. CVE-2025-57788 An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiri… https://t.co/M8o1Mu6A5t

    @CVEnew

    20 Aug 2025

    434 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience.  Although the user input is not validated in the report creation, these scripts are not executed when the report is run by end users. The script is executed when the report is modified through the report builder by a user with edit permissions. The Report Builder is part of the WebConsole.  The WebConsole package is currently end of life, and is no longer maintained. We strongly recommend against installing or using it in any production environment. However, if you choose to install it, for example, to access functionality like the Report Builder, it must be deployed within a fully isolated network that has no access to sensitive data or internet connectivity. This is a critical security precaution, as the retired package may contain unpatched vulnerabilities and is no longer supported with updates or fixes.CVE-2025-12776
  2. An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.CVE-2025-57791
  3. An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.CVE-2025-57790
  4. An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.CVE-2025-57789
  5. Commvault Web Server Unspecified VulnerabilityCVE-2025-3928

References

Sources include official advisories and independent security research.