cvelistv5 - cve-2025-57788

CVE-2025-57788 (GCVE-0-2025-57788)

Vulnerability from cvelistv5 – Published: 2025-08-20 00:00 – Updated: 2025-09-11 14:02

Summary

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-259 - Use of Hard-coded Password

Assigner

mitre

References

URL

Tags

https://documentation.commvault.com/securityadvis…

Impacted products

	Vendor	Product	Version
	Commvault	CommCell	Affected: 11.32.0 , ≤ 11.32.101 (semver) Affected: 11.36.0 , ≤ 11.36.59 (semver)

Credits

Sonny and Piotr Bazydlo (@chudyPB) of watchTowr

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T14:02:08.558353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-11T14:02:30.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CommCell",
          "vendor": "Commvault",
          "versions": [
            {
              "lessThanOrEqual": "11.32.101",
              "status": "affected",
              "version": "11.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.36.59",
              "status": "affected",
              "version": "11.36.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sonny and Piotr Bazydlo (@chudyPB) of watchTowr"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259: Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-10T16:00:55.240Z",
        "orgId": "050066fd-a2f9-4f32-ab5d-4c53f48bc333",
        "shortName": "Commvault"
      },
      "references": [
        {
          "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
        }
      ],
      "title": "Unauthorized API Access Risk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-57788",
    "datePublished": "2025-08-20T00:00:00.000Z",
    "dateReserved": "2025-08-19T00:00:00.000Z",
    "dateUpdated": "2025-09-11T14:02:30.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-57788\",\"sourceIdentifier\":\"050066fd-a2f9-4f32-ab5d-4c53f48bc333\",\"published\":\"2025-08-20T04:16:03.590\",\"lastModified\":\"2025-09-10T16:15:40.133\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Commvault antes de la versi\u00f3n 11.36.60. Una vulnerabilidad en un mecanismo de inicio de sesi\u00f3n conocido permite a atacantes no autenticados ejecutar llamadas a la API sin requerir credenciales de usuario. RBAC ayuda a limitar la exposici\u00f3n, pero no elimina el riesgo.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"050066fd-a2f9-4f32-ab5d-4c53f48bc333\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"050066fd-a2f9-4f32-ab5d-4c53f48bc333\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-259\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.36.60\",\"matchCriteriaId\":\"7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5\"}]}]}],\"references\":[{\"url\":\"https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html\",\"source\":\"050066fd-a2f9-4f32-ab5d-4c53f48bc333\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-57788\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-11T14:02:08.558353Z\"}}}], \"references\": [{\"url\": \"https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-20T13:31:22.564Z\"}}], \"cna\": {\"title\": \"Unauthorized API Access Risk\", \"credits\": [{\"lang\": \"en\", \"value\": \"Sonny and Piotr Bazydlo (@chudyPB) of watchTowr\"}], \"metrics\": [{\"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}], \"affected\": [{\"vendor\": \"Commvault\", \"product\": \"CommCell\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.32.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.32.101\"}, {\"status\": \"affected\", \"version\": \"11.36.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.36.59\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-259\", \"description\": \"CWE-259: Use of Hard-coded Password\"}]}], \"providerMetadata\": {\"orgId\": \"050066fd-a2f9-4f32-ab5d-4c53f48bc333\", \"shortName\": \"Commvault\", \"dateUpdated\": \"2025-09-10T16:00:55.240Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-57788\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-11T14:02:30.986Z\", \"dateReserved\": \"2025-08-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-08-20T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-W78R-F8W4-QXCQ

Vulnerability from github – Published: 2025-08-20 06:30 – Updated: 2025-08-21 15:30

Details

An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-57788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-259"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T04:16:03Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.",
  "id": "GHSA-w78r-f8w4-qxcq",
  "modified": "2025-08-21T15:30:33Z",
  "published": "2025-08-20T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57788"
    },
    {
      "type": "WEB",
      "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
    },
    {
      "type": "WEB",
      "url": "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-57788

Vulnerability from fkie_nvd - Published: 2025-08-20 04:16 - Updated: 2025-09-10 16:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

References

	URL	Tags
	050066fd-a2f9-4f32-ab5d-4c53f48bc333	https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	commvault	commvault	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5",
              "versionEndExcluding": "11.36.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Commvault antes de la versi\u00f3n 11.36.60. Una vulnerabilidad en un mecanismo de inicio de sesi\u00f3n conocido permite a atacantes no autenticados ejecutar llamadas a la API sin requerir credenciales de usuario. RBAC ayuda a limitar la exposici\u00f3n, pero no elimina el riesgo."
    }
  ],
  "id": "CVE-2025-57788",
  "lastModified": "2025-09-10T16:15:40.133",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "050066fd-a2f9-4f32-ab5d-4c53f48bc333",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-20T04:16:03.590",
  "references": [
    {
      "source": "050066fd-a2f9-4f32-ab5d-4c53f48bc333",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials"
    }
  ],
  "sourceIdentifier": "050066fd-a2f9-4f32-ab5d-4c53f48bc333",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-259"
        }
      ],
      "source": "050066fd-a2f9-4f32-ab5d-4c53f48bc333",
      "type": "Secondary"
    }
  ]
}

NCSC-2025-0265

Vulnerability from csaf_ncscnl - Published: 2025-08-20 12:15 - Updated: 2025-08-20 12:15

Summary

Kwetsbaarheden verholpen in Commvault

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Commvault heeft kwetsbaarheden verholpen in Commvault componenten als CommCell en ComServe versies voor 11.36.60.

Interpretaties

De kwetsbaarheden bevinden zich in versies van Commvault vóór 11.36.60. De eerste kwetsbaarheid stelt niet-geauthenticeerde aanvallers in staat om API-aanroepen uit te voeren via een bekend inlogmechanisme, wat kan leiden tot ongeautoriseerde toegang tot gevoelige gegevens of functionaliteiten binnen de Commvault-omgeving. De tweede kwetsbaarheid betreft een pad-traversal probleem dat door externe aanvallers kan worden misbruikt, wat kan leiden tot ongeautoriseerde toegang tot het bestandssysteem en mogelijk tot remote code execution. De derde kwetsbaarheid is het gevolg van onvoldoende invoervalidatie, waardoor aanvallers commandoregelargumenten kunnen manipuleren, wat hen mogelijk toegang kan geven tot een geldige gebruikerssessie met lage privileges. Deze kwetsbaarheden verhogen het risico op datacompromittatie en schendingen van de systeemintegriteit.

Oplossingen

Commvault heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-259

Use of Hard-coded Password

CWE-36

Absolute Path Traversal

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Commvault heeft kwetsbaarheden verholpen in Commvault componenten als CommCell en ComServe versies voor 11.36.60.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden bevinden zich in versies van Commvault v\u00f3\u00f3r 11.36.60. De eerste kwetsbaarheid stelt niet-geauthenticeerde aanvallers in staat om API-aanroepen uit te voeren via een bekend inlogmechanisme, wat kan leiden tot ongeautoriseerde toegang tot gevoelige gegevens of functionaliteiten binnen de Commvault-omgeving. De tweede kwetsbaarheid betreft een pad-traversal probleem dat door externe aanvallers kan worden misbruikt, wat kan leiden tot ongeautoriseerde toegang tot het bestandssysteem en mogelijk tot remote code execution. De derde kwetsbaarheid is het gevolg van onvoldoende invoervalidatie, waardoor aanvallers commandoregelargumenten kunnen manipuleren, wat hen mogelijk toegang kan geven tot een geldige gebruikerssessie met lage privileges. Deze kwetsbaarheden verhogen het risico op datacompromittatie en schendingen van de systeemintegriteit.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Commvault heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
        "title": "CWE-88"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Password",
        "title": "CWE-259"
      },
      {
        "category": "general",
        "text": "Absolute Path Traversal",
        "title": "CWE-36"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Commvault",
    "tracking": {
      "current_release_date": "2025-08-20T12:15:48.655099Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.2"
        }
      },
      "id": "NCSC-2025-0265",
      "initial_release_date": "2025-08-20T12:15:48.655099Z",
      "revision_history": [
        {
          "date": "2025-08-20T12:15:48.655099Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:semver/11.36.0|\u003c=11.36.59",
                "product": {
                  "name": "vers:semver/11.36.0|\u003c=11.36.59",
                  "product_id": "CSAFPID-3065486"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/11.32.0|\u003c=11.32.101",
                "product": {
                  "name": "vers:semver/11.32.0|\u003c=11.32.101",
                  "product_id": "CSAFPID-3065485"
                }
              }
            ],
            "category": "product_name",
            "name": "CommCell"
          }
        ],
        "category": "vendor",
        "name": "Commvault"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-57788",
      "cwe": {
        "id": "CWE-259",
        "name": "Use of Hard-coded Password"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Password",
          "title": "CWE-259"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3065486",
          "CSAFPID-3065485"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57788 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57788.json"
        }
      ],
      "title": "CVE-2025-57788"
    },
    {
      "cve": "CVE-2025-57790",
      "cwe": {
        "id": "CWE-36",
        "name": "Absolute Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Absolute Path Traversal",
          "title": "CWE-36"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3065486",
          "CSAFPID-3065485"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57790 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57790.json"
        }
      ],
      "title": "CVE-2025-57790"
    },
    {
      "cve": "CVE-2025-57791",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
          "title": "CWE-88"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3065486",
          "CSAFPID-3065485"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57791 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57791.json"
        }
      ],
      "title": "CVE-2025-57791"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-57788 (GCVE-0-2025-57788)

GHSA-W78R-F8W4-QXCQ

FKIE_CVE-2025-57788

NCSC-2025-0265

Tags

Sightings

Nomenclature