
207 matches found

CVE
added 2025/08/20 3:22 a.m. · 37 views

CVE-2025-57790

CVE-2025-57790 (and related CVEs 57791/57788) affects Commvault software. Connected sources describe a path-traversal vulnerability in Commvault components that allows remote file-system access and may enable remote code execution. The Metasploit and PacketStorm entries confirm an unauthenticated...

8.8 CVSS · 7.5 AI score · 0.16114 EPSS
Exploits 3 · References 1 · Affected Software 1

CVE
added 2025/08/20 3:22 a.m. · 26 views

CVE-2025-57789

CVE-2025-57789 – Commvault initial administrator login vulnerability. The issue occurs in the setup window between installation and the first administrator login, where remote attackers may exploit the default credentials to gain admin control. Affected versions include Commvault 11.32.x before ...

5.4 CVSS · 6.6 AI score · 0.01104 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/08/20 3:22 a.m. · 4 views

CVE-2025-57789 Vulnerability in Initial Administrator Login Process

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

5.3 CVSS · 6.9 AI score · 0.01104 EPSS
Exploits 0 · References 1

Cvelist
added 2025/08/20 3:22 a.m. · 11 views

CVE-2025-57789 Vulnerability in Initial Administrator Login Process

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

5.3 CVSS · 0.01104 EPSS
Exploits 0 · References 1

CNNVD
added 2025/08/20 12:0 a.m. · 1 views

Commvault Security Vulnerability

Commvault is a data backup and recovery software from Commvault, Inc. A security vulnerability exists in versions of Commvault prior to 11.36.60 that originates after installation and before the first administrator login and could be exploited to gain administrator control using default credentia...

5.4 CVSS · 7 AI score · 0.01104 EPSS
Exploits 0 · References 3

CNNVD
added 2025/08/20 12:0 a.m. · 2 views

Commvault Security Vulnerability

Commvault is a data backup and recovery software from Commvault, Inc. A security vulnerability exists in Commvault versions prior to 11.36.60 that stems from a path traversal issue that could lead to remote code execution...

8.8 CVSS · 7.8 AI score · 0.16114 EPSS
Exploits 3 · References 3

CNNVD
added 2025/08/20 12:0 a.m. · 3 views

Commvault Security Vulnerability

Commvault is a data backup and recovery software from Commvault Corporation, USA. A security vulnerability exists in Commvault versions prior to 11.36.60 that stems from a known login mechanism that allows an unauthenticated attacker to execute API calls...

6.9 CVSS · 7.1 AI score · 0.02721 EPSS
Exploits 4 · References 4

Cvelist
added 2025/08/20 12:0 a.m. · 15 views

CVE-2025-57788 Unauthorized API Access Risk

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

6.9 CVSS · 0.02721 EPSS
Exploits 4 · References 1

Vulnrichment
added 2025/08/20 12:0 a.m. · 2 views

CVE-2025-57788 Unauthorized API Access Risk

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

6.9 CVSS · 6.9 AI score · 0.02721 EPSS
Exploits 4 · References 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-33898

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60
Description: A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. Role-Based Access Control (RBAC) can limit exposure, but does...

6.9 CVSS · 7.1 AI score · 0.02721 EPSS
Exploits 4 · References 19

Positive Technologies
added 2025/08/20 12:0 a.m. · 4 views

PT-2025-33899 · Commvault · Commvault

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60
Description: An issue was discovered in Commvault that allows remote attackers to exploit default credentials to gain administrative control during the brief period between installation and the first...

5.4 CVSS · 6.9 AI score · 0.01104 EPSS
Exploits 0 · References 12

CNNVD
added 2025/08/20 12:0 a.m. · 4 views

Commvault Parameter Injection Vulnerability

Commvault is a data backup and recovery software from Commvault, Inc. A parameter injection vulnerability exists in versions of Commvault prior to 11.36.60 that stems from insufficient input validation leading to command line parameter injection or manipulation, which could result in a...

6.9 CVSS · 7.2 AI score · 0.20719 EPSS
Exploits 3 · References 3

EUVD
added 2025/08/20 12:0 a.m. · 8 views

EUVD-2025-25258

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

6.9 CVSS · 6.5 AI score · 0.02721 EPSS
Exploits 4 · References 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-33901 · Commvault · Commvault

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60
Description: A security issue exists in Commvault that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful...

6.9 CVSS · 6.6 AI score · 0.20719 EPSS
Exploits 3 · References 14

CVE
added 2025/08/20 12:0 a.m. · 52 views

CVE-2025-57788

CVE-2025-57788 affects Commvault components (notably CommandCenter login flow) where an unauthenticated attacker can trigger API calls without user credentials. The connected records describe a pre-auth vulnerability chain leveraged alongside CVE-2025-57790/57791 to enable broader remote code exe...

6.9 CVSS · 6.7 AI score · 0.02721 EPSS
In wild · Exploits 4 · References 2 · Affected Software 1

Positive Technologies
added 2025/08/19 12:0 a.m. · 3 views

PT-2025-33900 · Commvault · Commvault

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60
Description: A security issue exists in Commvault that allows remote attackers to perform unauthorized file system access through a path traversal issue. This may lead to remote code execution...

9 CVSS · 7 AI score · 0.16114 EPSS
Exploits 3 · References 15

RedhatCVE
added 2025/07/27 4:14 p.m. · 15 views

CVE-2025-34136

An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed...

6.9 CVSS · 7.5 AI score · 0.00464 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/27 4:14 p.m. · 12 views

CVE-2024-13975

A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This ma...

8.5 CVSS · 6.7 AI score · 0.00119 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/27 4:14 p.m. · 8 views

CVE-2024-13976

A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated...

8.5 CVSS · 7.5 AI score · 0.00181 EPSS
Exploits 0 · References 1

NVD
added 2025/07/25 4:15 p.m. · 7 views

CVE-2025-34136

An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed...

6.9 CVSS · 0.00464 EPSS
Exploits 0 · References 2