Path Traversal Vulnerability in Commvault Software
CVE-2025-57790

8.7 HIGH

Key Information:

Vendor

Commvault

Status
Vendor
CVE Published: 20 August 2025

Badges

👾 Exploit Exists, 📰 News Worthy

What is CVE-2025-57790?

CVE-2025-57790 is a significant vulnerability found in Commvault software, which is widely utilized for data protection and backup solutions in enterprise settings. This vulnerability stems from a path traversal issue that allows remote attackers to gain unauthorized access to the file system. By exploiting this flaw, attackers could manipulate file paths and access sensitive data or execute unauthorized commands, leading to potential remote code execution. This poses a substantial risk to organizations relying on Commvault for their data management, as breaches may compromise critical data integrity and confidentiality.

Potential impact of CVE-2025-57790

  1. Unauthorized Data Access: The vulnerability allows attackers to access sensitive files that should be protected, potentially exposing proprietary information, sensitive customer data, or critical backups.

  2. Remote Code Execution: Exploitation of this vulnerability could enable attackers to execute arbitrary code on affected systems, resulting in full system compromise and potential control over the organizational IT environment.

  3. Increased Risk of Ransomware Deployment: By leveraging this vulnerability, attackers could better position themselves to deploy ransomware, leading to data encryption, extortion, and significant operational disruptions within organizations.

Affected Version(s)

CommCell 11.32.0 <= 11.32.101

CommCell 11.36.0 <= 11.36.59

News Articles

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Commvault patched four flaws before 11.36.60, including CVE-2025-57790 (8.7 CVSS), preventing remote code execution.

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved
