Four security defects in Commvault versions before 11.36.60 enable remote code execution through various attack vectors. The vulnerabilities include an API login bypass, an exploitable default-credential window during setup, a high-severity path traversal flaw that permits filesystem access and code execution, and an input-validation issue that lets attackers inject or manipulate command-line arguments to gain low-privilege sessions. watchTowr Labs researchers discovered the defects in April 2025. Two pre-authenticated exploit chains can be constructed from these issues, and successful exploitation of one chain depends on an unchanged built-in admin password. Patches are available in versions 11.32.102 and 11.36.60; SaaS is unaffected.
The two issues the write-up details are:

- CVE-2025-57790 (CVSS score: 8.7) - A path traversal vulnerability that allows remote attackers to gain unauthorized file system access, resulting in remote code execution.
- CVE-2025-57791 (CVSS score: 6.9) - Insufficient input validation that allows remote attackers to inject or manipulate command-line arguments passed to internal components, resulting in a valid user session for a low-privilege role.
watchTowr Labs researchers Sonny Macdonald and Piotr Bazydlo have been credited with discovering and reporting the four security defects in April 2025. All the flagged vulnerabilities have been resolved in versions 11.32.102 and 11.36.60. Commvault's SaaS offering is not affected. In an analysis published Wednesday, the cybersecurity company said threat actors could fashion these vulnerabilities into two pre-authenticated exploit chains to achieve code execution on susceptible instances: one that combines CVE-2025-57791 and CVE-2025-57790, and another that strings together CVE-2025-57788, CVE-2025-57789, and CVE-2025-57790.
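The practical question for a defender is which installations still sit below the fixed levels named above. The following is an added example, not code from the write-up or from Commvault; it assumes the three-part "major.feature.maintenance" numbering implied by the quoted versions and covers only the two fixed release lines the text names, reporting anything else as unknown.

```python
from typing import Dict, List, Optional, Tuple

# Fixed maintenance levels named in the write-up, keyed by release line
# (major, feature). Lines not listed here are not covered by the text.
FIXED_RELEASES = {
    (11, 32): 102,
    (11, 36): 60,
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Split 'major.feature.maintenance' into integers; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Commvault version format: {version!r}")
    major, feature, maintenance = (int(p) for p in parts)
    return major, feature, maintenance


def is_patched(version: str) -> Optional[bool]:
    """True if at or above the fix for its release line, False if below,
    None if the release line is not one the write-up gives a fix for."""
    major, feature, maintenance = parse_version(version)
    fixed_at = FIXED_RELEASES.get((major, feature))
    if fixed_at is None:
        return None
    return maintenance >= fixed_at


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts (name -> version) into needs_patch / patched / unknown."""
    buckets: Dict[str, List[str]] = {"needs_patch": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        state = is_patched(version)
        key = "unknown" if state is None else ("patched" if state else "needs_patch")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions).
    sample = {"cs-01": "11.36.59", "cs-02": "11.36.60",
              "cs-03": "11.32.101", "cs-04": "11.34.10"}
    print(triage(sample))
```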