Commvault Vulnerabilities Enable Remote Code Execution via Pre-Auth Exploit Chains


Commvault Addresses Four Security Vulnerabilities

Commvault has released updates for four security vulnerabilities that, chained together, allow remote code execution on affected systems without prior authentication. If you run a 11.32 or 11.36 release older than the fixed builds (11.32.102 and 11.36.60), you should treat the installation as exposed and plan the upgrade.

Overview of Identified Vulnerabilities

The vulnerabilities have been assigned the following identifiers; the CVSS score beside each reflects its severity when considered on its own, not the severity of the exploit chains they form:

  • CVE-2025-57788 (CVSS score: 6.9)
    A flaw in a known login mechanism that lets an unauthenticated attacker perform API calls without supplying user credentials.

  • CVE-2025-57789 (CVSS score: 5.3)
    In the interval between installation and the first administrator login, a remote attacker can use the default credentials to gain administrative control.

  • CVE-2025-57790 (CVSS score: 8.7)
    A high-severity path traversal flaw that gives a remote attacker unauthorized file system access and, from there, remote code execution. It is the final link in both exploit chains described below.

  • CVE-2025-57791 (CVSS score: 6.9)
    Insufficient input validation lets an attacker manipulate command-line arguments passed to internal components, ultimately yielding a valid user session for a low-privileged role.

Contributions of watchTowr Labs

The vulnerabilities were discovered and reported by researchers Sonny Macdonald and Piotr Bazydlo of watchTowr Labs in April 2025. Commvault patched them in versions 11.32.102 and 11.36.60. Commvault's Software-as-a-Service (SaaS) offering is not affected.
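The fixed builds sit on two separate branches, so a naive string or "less than 11.36.60" comparison misclassifies hosts (a 11.32.101 install is vulnerable even though "11.32" sorts below "11.36", and "11.36.9" sorts lexically above "11.36.60"). The following script is an added example, not Commvault tooling or code from watchTowr Labs; it assumes version strings are dotted integers such as "11.36.59" (optionally with a trailing build number) and only knows the two branches the advisory names, reporting anything else as "not covered" rather than guessing. The inventory is constructed sample data.

```python
"""Triage Commvault CommServe versions against the fixed builds named in the
advisory (11.32.102 and 11.36.60). Added example, not Commvault tooling."""

from __future__ import annotations

# Fixed build per affected branch, as stated in the advisory.
# Assumption: only the 11.32 and 11.36 branches are in scope; any other
# branch is reported as "not covered" instead of being guessed at.
FIXED_BUILDS: dict[tuple[int, int], tuple[int, int, int]] = {
    (11, 32): (11, 32, 102),
    (11, 36): (11, 36, 60),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '11.36.59' (or '11.36.59.123') into a tuple of ints so that the
    comparison is numeric: '11.36.9' must sort below '11.36.60'."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(text: str) -> str:
    """Return 'vulnerable', 'patched' or 'not covered' for one version string."""
    version = parse_version(text)
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "not covered"
    # Only major.minor.patch decides; a trailing build number never
    # promotes 11.36.59.x past the 11.36.60 fix.
    return "patched" if version[:3] >= fixed else "vulnerable"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by assessment so the vulnerable list can go straight
    into a patch ticket."""
    groups: dict[str, list[str]] = {"vulnerable": [], "patched": [], "not covered": []}
    for host, ver in inventory.items():
        groups[assess(ver)].append(host)
    return groups


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "cs-prod-01": "11.36.59",
    "cs-prod-02": "11.36.60",
    "cs-dr-01": "11.32.101",
    "cs-dr-02": "11.32.102.7",  # trailing build number is ignored
    "cs-lab-01": "11.36.9",     # lexically above "11.36.60", numerically below
    "cs-legacy-01": "11.28.40", # branch not named in the advisory
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Feed it the version column from your own inventory export; a host reported as "not covered" needs a manual check against the vendor advisory rather than being assumed safe.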

Exploit Chains and Their Implications

In its analysis, watchTowr Labs showed that an attacker can combine these flaws into two pre-authentication exploit chains that execute code on vulnerable instances. The first chain pairs CVE-2025-57791 (which yields a low-privileged user session) with CVE-2025-57790 (path traversal leading to code execution). The second chains CVE-2025-57788, CVE-2025-57789, and CVE-2025-57790.

The second chain only succeeds if the built-in admin account still has the default password it was installed with. Changing that password therefore closes the second chain, but it does nothing against the first, which needs no credentials at all; only the patched builds address both.

Context of Recent Vulnerabilities

This disclosure follows another critical vulnerability in the Commvault Command Center (CVE-2025-34028), rated CVSS 10.0, which allows arbitrary code execution on affected installations. About a month after it was made public, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

Conclusion

Because two of these flaws chain into unauthenticated remote code execution, organisations running affected Commvault releases should upgrade to 11.32.102 or 11.36.60 as soon as possible. Until the upgrade lands, changing the built-in admin account's default password removes one of the two chains, and the exposure of a backup server is worth weighing when prioritising the work: it typically holds credentials and copies of data from across the estate.
