AI description
CVE-2025-57789 is a vulnerability in Commvault that involves default credential exposure. During the period between installation and the first administrator login, remote attackers can exploit a default credential to gain administrative control. This is possible before any jobs have been configured. This vulnerability can be chained with others, such as CVE-2025-57788 and CVE-2025-57790, to achieve remote code execution (RCE). Specifically, CVE-2025-57789 can be used to retrieve and decrypt an encrypted admin password with a hardcoded Advanced Encryption Standard (AES) key, potentially leading to privilege escalation.
- Description: An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: commvault
CVSS 4.0
- Type: Secondary
- Base score: 5.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
CVSS 3.1
- Type: Primary
- Base score: 5.4
- Impact score: 2.5
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity: MEDIUM
- cve@mitre.org
- CWE-257
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-29927 CVE-2025-43300 CVE-2025-57788 (@chudyPB, Sonny) CVE-2025-9132 (@GoogleDeepMind) CVE-2025-9074 CVE-2025-57790 CVE-2025-57789 CVE-2025-57791 CVE-2024-41787
@ptdbugs
22 Aug 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Commvault: #PoC available for the exploitation of CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 and CVE-2025-57791 Risk: 🟠 Type: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/qodv8GgEo6 ⚠ Important to upd… https://t
@Vulcanux_
21 Aug 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ #Commvault: #PoC available for the exploitation of CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 and CVE-2025-57791 Risk: 🟠 Type: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/TmpqLKUiRz ⚠ Important to update the software inter
@csirt_it
21 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We're back - returning to the scene of the "crime" - to demonstrate 2 pre-auth RCE chains against Commvault (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791) Enjoy, and speak soon 😉 https://t.co/s1cHuPSi1b
@watchtowrcyber
20 Aug 2025
14280 Impressions
39 Retweets
113 Likes
27 Bookmarks
1 Reply
4 Quotes
CVE-2025-57789 An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the… https://t.co/O4IQEw0f3R
@CVEnew
20 Aug 2025
360 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5",
            "versionEndExcluding": "11.36.60"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]