20 matches found
Commvault Unauthenticated Password Disclosure (WT-2025-0047)
An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. id: CVE-2025-57788 info: name: Commvault...
Commvault CommandCenter < 11.36.60 Unauthorized API Access
Commvault CommandCenter versions prior to 11.36.60 contain a vulnerability in a known login mechanism that allows unauthenticated attackers to execute API calls without requiring user credentials. No source data...
CVE-2025-57791
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...
Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 CVSS score: 6.9 - A vulnerability in a know...
Vulnerabilities fixed in Commvault
Commvault has fixed vulnerabilities in Commvault components such as CommCell and CommServe versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...
CVE-2025-57791
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...
CVE-2025-57790
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution...
EUVD-2025-25255
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...
CVE-2025-57790 Path Traversal Vulnerability
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution...
Commvault Security Vulnerability
Commvault is a data backup and recovery software from Commvault, Inc. A security vulnerability exists in versions of Commvault prior to 11.36.60 that originates after installation and before the first administrator login and could be exploited to gain administrator control using default credentia...
Commvault Security Vulnerability
Commvault is a data backup and recovery software from Commvault, Inc. A security vulnerability exists in Commvault versions prior to 11.36.60 that stems from a path traversal issue that could lead to remote code execution...
Commvault Security Vulnerability
Commvault is a data backup and recovery software from Commvault Corporation, USA. A security vulnerability exists in Commvault versions prior to 11.36.60 that stems from a known login mechanism that allows an unauthenticated attacker to execute API calls...
CVE-2025-57788 Unauthorized API Access Risk
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
EUVD-2025-25258
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
CVE-2025-57788 Unauthorized API Access Risk
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
PT-2025-33901 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A security issue exists in Commvault that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful...
PT-2025-33898
Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. Role-Based Access Control (RBAC) can limit exposure, but does...
PT-2025-33899 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: An issue was discovered in Commvault that allows remote attackers to exploit default credentials to gain administrative control during the brief period between installation and the first...
CVE-2025-57788
CVE-2025-57788 affects Commvault components (notably CommandCenter login flow) where an unauthenticated attacker can trigger API calls without user credentials. The connected records describe a pre-auth vulnerability chain leveraged alongside CVE-2025-57790/57791 to enable broader remote code exe...
PT-2025-33900 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A security issue exists in Commvault that allows remote attackers to perform unauthorized file system access through a path traversal issue. This may lead to remote code execution...