CVE-2025-57790

Published Aug 20, 2025

Last updated 7 months ago

CVSS high 8.7
Commvault

Overview

Description
An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
Source
cve@mitre.org
NVD status
Analyzed
Products
commvault

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-36

Social media

Hype score
Not currently trending

  1. 🚨Upozorňujeme na sérii zranitelností v platformě pro zálohování a správu dat Commvault Backup & Recovery, CVE-2025-57790, CVE-2025-57789, CVE-2025-57788. Při postupném zneužití těchto chyb může útočník získat neoprávněný přístup, zvýšit svá oprá

    @GOVCERT_CZ

    25 Aug 2025

    1023 Impressions

    4 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-29927 CVE-2025-43300 CVE-2025-57788 (@chudyPB, Sonny) CVE-2025-9132 (@GoogleDeepMind) CVE-2025-9074 CVE-2025-57790 CVE-2025-57789 CVE-2025-57791 CVE-2024-41787

    @ptdbugs

    22 Aug 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. csirt_it: ‼️ #Commvault: disponibili #PoC per lo sfruttamento delle CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 e CVE-2025-57791 Rischio: 🟠 Tipologia: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/qodv8GgEo6 ⚠ Importante aggi… https://t

    @Vulcanux_

    21 Aug 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ‼️ #Commvault: disponibili #PoC per lo sfruttamento delle CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 e CVE-2025-57791 Rischio: 🟠 Tipologia: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/TmpqLKUiRz ⚠ Importante aggiornare i software inter

    @csirt_it

    21 Aug 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. We're back - returning to the scene of the "crime" - to demonstrate 2 pre-auth RCE chains against Commvault (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791) Enjoy, and speak soon 😉 https://t.co/s1cHuPSi1b

    @watchtowrcyber

    20 Aug 2025

    14280 Impressions

    39 Retweets

    113 Likes

    27 Bookmarks

    1 Reply

    4 Quotes

  6. [CVE-2025-57790: HIGH] Critical security flaw found in Commvault (pre-11.36.60) allows remote attackers to gain unauthorized file system access via path traversal, risking remote code execution.#cve,CVE-2025-57790,#cybersecurity https://t.co/TnsJ577CRU https://t.co/RuW1AEGgk3

    @CveFindCom

    20 Aug 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience.  Although the user input is not validated in the report creation, these scripts are not executed when the report is run by end users. The script is executed when the report is modified through the report builder by a user with edit permissions. The Report Builder is part of the WebConsole.  The WebConsole package is currently end of life, and is no longer maintained. We strongly recommend against installing or using it in any production environment. However, if you choose to install it, for example, to access functionality like the Report Builder, it must be deployed within a fully isolated network that has no access to sensitive data or internet connectivity. This is a critical security precaution, as the retired package may contain unpatched vulnerabilities and is no longer supported with updates or fixes.CVE-2025-12776
  2. An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.CVE-2025-57791
  3. An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.CVE-2025-57789
  4. An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.CVE-2025-57788
  5. Commvault Web Server Unspecified VulnerabilityCVE-2025-3928

References

Sources include official advisories and independent security research.