cvelistv5 - cve-2025-57788

CVE-2025-57788 (GCVE-0-2025-57788)

Vulnerability from cvelistv5

Published

2025-08-20 00:00

Modified

2025-08-20 14:23

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-259 - Use of Hard-coded Password

Summary

An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

References

►

URL

Tags

	cve@mitre.org	https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	Commvault	CommCell	Version: 11.32.0 ≤ 11.32.101 Version: 11.36.0 ≤ 11.36.59

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57788",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-20T14:22:43.244430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-20T14:23:56.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CommCell",
          "vendor": "Commvault",
          "versions": [
            {
              "lessThanOrEqual": "11.32.101",
              "status": "affected",
              "version": "11.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.36.59",
              "status": "affected",
              "version": "11.36.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259: Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T03:18:39.653Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
        }
      ],
      "title": "Unauthorized API Access Risk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-57788",
    "datePublished": "2025-08-20T00:00:00.000Z",
    "dateReserved": "2025-08-19T00:00:00.000Z",
    "dateUpdated": "2025-08-20T14:23:56.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-57788\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-08-20T04:16:03.590\",\"lastModified\":\"2025-08-21T14:31:17.143\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Commvault antes de la versi\u00f3n 11.36.60. Una vulnerabilidad en un mecanismo de inicio de sesi\u00f3n conocido permite a atacantes no autenticados ejecutar llamadas a la API sin requerir credenciales de usuario. RBAC ayuda a limitar la exposici\u00f3n, pero no elimina el riesgo.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-259\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.36.60\",\"matchCriteriaId\":\"7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5\"}]}]}],\"references\":[{\"url\":\"https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-57788\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T14:22:43.244430Z\"}}}], \"references\": [{\"url\": \"https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-20T13:31:22.564Z\"}}], \"cna\": {\"title\": \"Unauthorized API Access Risk\", \"metrics\": [{\"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}], \"affected\": [{\"vendor\": \"Commvault\", \"product\": \"CommCell\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.32.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.32.101\"}, {\"status\": \"affected\", \"version\": \"11.36.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.36.59\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-259\", \"description\": \"CWE-259: Use of Hard-coded Password\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-08-20T03:18:39.653Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-57788\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-20T14:23:56.138Z\", \"dateReserved\": \"2025-08-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-08-20T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-57788

Vulnerability from fkie_nvd

Published

2025-08-20 04:16

Modified

2025-08-21 14:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

▶	URL	Tags
	cve@mitre.org	https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	commvault	commvault	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5",
              "versionEndExcluding": "11.36.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Commvault antes de la versi\u00f3n 11.36.60. Una vulnerabilidad en un mecanismo de inicio de sesi\u00f3n conocido permite a atacantes no autenticados ejecutar llamadas a la API sin requerir credenciales de usuario. RBAC ayuda a limitar la exposici\u00f3n, pero no elimina el riesgo."
    }
  ],
  "id": "CVE-2025-57788",
  "lastModified": "2025-08-21T14:31:17.143",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-20T04:16:03.590",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-259"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}

ncsc-2025-0265

Vulnerability from csaf_ncscnl

Published

2025-08-20 12:15

Modified

2025-08-20 12:15

Summary

Kwetsbaarheden verholpen in Commvault

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Commvault heeft kwetsbaarheden verholpen in Commvault componenten als CommCell en ComServe versies voor 11.36.60.

Interpretaties

De kwetsbaarheden bevinden zich in versies van Commvault vóór 11.36.60. De eerste kwetsbaarheid stelt niet-geauthenticeerde aanvallers in staat om API-aanroepen uit te voeren via een bekend inlogmechanisme, wat kan leiden tot ongeautoriseerde toegang tot gevoelige gegevens of functionaliteiten binnen de Commvault-omgeving. De tweede kwetsbaarheid betreft een pad-traversal probleem dat door externe aanvallers kan worden misbruikt, wat kan leiden tot ongeautoriseerde toegang tot het bestandssysteem en mogelijk tot remote code execution. De derde kwetsbaarheid is het gevolg van onvoldoende invoervalidatie, waardoor aanvallers commandoregelargumenten kunnen manipuleren, wat hen mogelijk toegang kan geven tot een geldige gebruikerssessie met lage privileges. Deze kwetsbaarheden verhogen het risico op datacompromittatie en schendingen van de systeemintegriteit.

Oplossingen

Commvault heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-259

Use of Hard-coded Password

CWE-36

Absolute Path Traversal

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Commvault heeft kwetsbaarheden verholpen in Commvault componenten als CommCell en ComServe versies voor 11.36.60.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden bevinden zich in versies van Commvault v\u00f3\u00f3r 11.36.60. De eerste kwetsbaarheid stelt niet-geauthenticeerde aanvallers in staat om API-aanroepen uit te voeren via een bekend inlogmechanisme, wat kan leiden tot ongeautoriseerde toegang tot gevoelige gegevens of functionaliteiten binnen de Commvault-omgeving. De tweede kwetsbaarheid betreft een pad-traversal probleem dat door externe aanvallers kan worden misbruikt, wat kan leiden tot ongeautoriseerde toegang tot het bestandssysteem en mogelijk tot remote code execution. De derde kwetsbaarheid is het gevolg van onvoldoende invoervalidatie, waardoor aanvallers commandoregelargumenten kunnen manipuleren, wat hen mogelijk toegang kan geven tot een geldige gebruikerssessie met lage privileges. Deze kwetsbaarheden verhogen het risico op datacompromittatie en schendingen van de systeemintegriteit.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Commvault heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
        "title": "CWE-88"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Password",
        "title": "CWE-259"
      },
      {
        "category": "general",
        "text": "Absolute Path Traversal",
        "title": "CWE-36"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Commvault",
    "tracking": {
      "current_release_date": "2025-08-20T12:15:48.655099Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.2"
        }
      },
      "id": "NCSC-2025-0265",
      "initial_release_date": "2025-08-20T12:15:48.655099Z",
      "revision_history": [
        {
          "date": "2025-08-20T12:15:48.655099Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:semver/11.36.0|\u003c=11.36.59",
                "product": {
                  "name": "vers:semver/11.36.0|\u003c=11.36.59",
                  "product_id": "CSAFPID-3065486"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/11.32.0|\u003c=11.32.101",
                "product": {
                  "name": "vers:semver/11.32.0|\u003c=11.32.101",
                  "product_id": "CSAFPID-3065485"
                }
              }
            ],
            "category": "product_name",
            "name": "CommCell"
          }
        ],
        "category": "vendor",
        "name": "Commvault"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-57788",
      "cwe": {
        "id": "CWE-259",
        "name": "Use of Hard-coded Password"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Password",
          "title": "CWE-259"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3065486",
          "CSAFPID-3065485"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57788 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57788.json"
        }
      ],
      "title": "CVE-2025-57788"
    },
    {
      "cve": "CVE-2025-57790",
      "cwe": {
        "id": "CWE-36",
        "name": "Absolute Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Absolute Path Traversal",
          "title": "CWE-36"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3065486",
          "CSAFPID-3065485"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57790 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57790.json"
        }
      ],
      "title": "CVE-2025-57790"
    },
    {
      "cve": "CVE-2025-57791",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
          "title": "CWE-88"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3065486",
          "CSAFPID-3065485"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57791 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57791.json"
        }
      ],
      "title": "CVE-2025-57791"
    }
  ]
}

ghsa-w78r-f8w4-qxcq

Vulnerability from github

Published

2025-08-20 06:30

Modified

2025-08-21 15:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-57788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-259"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T04:16:03Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.",
  "id": "GHSA-w78r-f8w4-qxcq",
  "modified": "2025-08-21T15:30:33Z",
  "published": "2025-08-20T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57788"
    },
    {
      "type": "WEB",
      "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
    },
    {
      "type": "WEB",
      "url": "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-57788 (GCVE-0-2025-57788)

Vulnerability from cvelistv5

fkie_cve-2025-57788

Vulnerability from fkie_nvd

ncsc-2025-0265

Vulnerability from csaf_ncscnl

ghsa-w78r-f8w4-qxcq

Vulnerability from github

Tags

Sightings

Nomenclature