AI description
CVE-2025-57790 is a path traversal vulnerability in Commvault software before version 11.36.60. It allows a remote attacker to perform unauthorized file system access. By exploiting this vulnerability, an attacker can write a JavaServer Pages (JSP) webshell into the webroot, achieving remote code execution (RCE). This path traversal flaw can be combined with other vulnerabilities in Commvault to create RCE exploit chains. One chain involves CVE-2025-57791, an argument injection vulnerability, while another involves CVE-2025-57788 and CVE-2025-57789, which relate to information disclosure and privilege escalation, respectively.
- Description
- An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- commvault
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cve@mitre.org
- CWE-36
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-29927 CVE-2025-43300 CVE-2025-57788 (@chudyPB, Sonny) CVE-2025-9132 (@GoogleDeepMind) CVE-2025-9074 CVE-2025-57790 CVE-2025-57789 CVE-2025-57791 CVE-2024-41787
@ptdbugs
22 Aug 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Commvault: #PoC available for exploiting CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 and CVE-2025-57791 Risk: 🟠 Type: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/qodv8GgEo6 ⚠ Important to upd… https://t
@Vulcanux_
21 Aug 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ #Commvault: #PoC available for exploiting CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 and CVE-2025-57791 Risk: 🟠 Type: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/TmpqLKUiRz ⚠ Important to update the software…
@csirt_it
21 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We're back - returning to the scene of the "crime" - to demonstrate 2 pre-auth RCE chains against Commvault (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791) Enjoy, and speak soon 😉 https://t.co/s1cHuPSi1b
@watchtowrcyber
20 Aug 2025
14280 Impressions
39 Retweets
113 Likes
27 Bookmarks
1 Reply
4 Quotes
[CVE-2025-57790: HIGH] Critical security flaw found in Commvault (pre-11.36.60) allows remote attackers to gain unauthorized file system access via path traversal, risking remote code execution. #cve, CVE-2025-57790, #cybersecurity https://t.co/TnsJ577CRU https://t.co/RuW1AEGgk3
@CveFindCom
20 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5",
            "versionEndExcluding": "11.36.60"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]