Remote Admin Access Vulnerability in Commvault Software
CVE-2025-57789
5.3 MEDIUM
What is CVE-2025-57789?
A security flaw in Commvault software allows remote attackers to gain administrative control during the installation phase. The exposure exists before the first administrator login, while the default credentials remain unchanged. Because exploitation is limited to the initial setup phase, the flaw poses a significant risk in the period before any jobs are configured.
Affected Version(s)
CommCell 11.32.0 <= 11.32.101
CommCell 11.36.0 <= 11.36.59
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V4
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None