CVE-2025-57788

Medium CVSS: 6.9

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Vendor

Commvault

Product

Commvault

CWE

CWE-259

Yayın Tarihi

2025-08-20 04:16:03

Güncelleme

2025-09-10 16:15:40

Source Identifier

050066fd-a2f9-4f32-ab5d-4c53f48bc333

KEV Date Added

Kategoriler

CWE-259 Commvault MEDIUM Commvault 2025

Referanslar

https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials

Benzer Kayıtlar

Low

CVE-2025-12776

The Report Builder component of the application stores user input directly in a web page and displays it to other users,…

High

CVE-2025-57790

A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access thr…

Medium

CVE-2025-57791

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments…

Medium

CVE-2025-57789

During the brief window between installation and the first administrator login, remote attackers may exploit the default…

High

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. Accordi…

Critical

CVE-2025-34028

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent insta…