Commvault Unauthenticated Password Disclosure (WT-2025-0047)

An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. id: CVE-2025-57788 info: name: Commvault...

CVE-2025-57788

CVE-2025-57788 affects Commvault Command Center (and related components) prior to version 11.36.60, where an unauthenticated login mechanism allows API calls without user credentials. The issue is part of an exploit chain that can enable unauthenticated access and, in conjunction with other CVEs ...

EUVD-2025-25258

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

PT-2025-33898

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. Role-Based Access Control RBAC can limit exposure, but does...