Command Injection Vulnerability in Commvault Software
CVE-2025-57791
6.9 MEDIUM
What is CVE-2025-57791?
A vulnerability in Commvault software allows remote attackers to perform command injection because of inadequate input validation. An attacker can manipulate command-line arguments and, as a result, gain unauthorized access by establishing a valid user session with low privilege. Applying updates and protective measures to affected versions is strongly recommended.
Affected Version(s)
CommCell 11.32.0 <= 11.32.101
CommCell 11.36.0 <= 11.36.59
EPSS Score
48% chance of being exploited in the next 30 days.
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved