Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
Aug 21, 2025, Ravie Lakshmanan, Vulnerability / Software Security

What’s new: Commvault has released updates to address four vulnerabilities that could allow remote code execution on affected instances. The vulnerabilities, identified in Commvault versions prior to 11.36.60, include:
- CVE-2025-57788 (CVSS score: 6.9) – Execution of unauthenticated API calls.
- CVE-2025-57789 (CVSS score: 5.3) – Exploitation of default credentials during setup.
- CVE-2025-57790 (CVSS score: 8.7) – Path traversal vulnerability allowing unauthorized file system access.
- CVE-2025-57791 (CVSS score: 6.9) – Insufficient input validation leading to command-line argument manipulation.
Who’s affected
Administrators using Commvault versions prior to 11.36.60 are at risk. The Commvault SaaS solution is not affected.
What to do
- Upgrade to Commvault version 11.32.102 or 11.36.60 to mitigate the vulnerabilities.
- Ensure that default credentials are changed during installation to prevent exploitation.
- Review security configurations and monitor for any unauthorized access attempts.