Tech News

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

By Viral Trending Content 3 Min Read

Aug 21, 2025Ravie LakshmananVulnerability / Software Security

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances.

The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows –

  • CVE-2025-57788 (CVSS score: 6.9) – A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials
  • CVE-2025-57789 (CVSS score: 5.3) – A vulnerability during the setup phase between installation and the first administrator login that allows remote attackers to exploit the default credentials to gain admin control
  • CVE-2025-57790 (CVSS score: 8.7) – A path traversal vulnerability that allows remote attackers to perform unauthorized file system access through a path traversal issue, resulting in remote code execution
  • CVE-2025-57791 (CVSS score: 6.9) – A vulnerability that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation, resulting in a valid user session for a low-privilege role
Identity Security Risk Assessment

watchTowr Labs researchers Sonny Macdonald and Piotr Bazydlo have been credited with discovering and reporting the four security defects in April 2025. All the flagged vulnerabilities have been resolved in versions 11.32.102 and 11.36.60. Commvault SaaS solution is not affected.

In an analysis published Wednesday, the cybersecurity company said threat actors could fashion these vulnerabilities into two pre-authenticated exploit chains to achieve code execution on susceptible instances: One that combines CVE-2025-57791 and CVE-2025-57790, and the other that strings CVE-2025-57788, CVE-2025-57789, and CVE-2025-57790.

It’s worth noting that the second pre-auth remote code execution chain becomes successful only if the built-in admin password hasn’t been changed since installation.

The disclosure comes nearly four months after watchTowr Labs reported a critical Commvault Command Center flaw (CVE-2025-34028, CVSS score: 10.0) that could allow arbitrary code execution on affected installations.

A month later, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

You Might Also Like

Best Fitness Tracker 2026: Fitbits, Bands & Hybrids

Your Photos Are Probably Giving Away Your Location. Here’s How to Stop That

Critical Fortinet Forticlient EMS flaw now exploited in attacks

21 organisations currently adding to their engineering teams

M5 Ultra Mac Studio Leaks: 8K Video and GPU Benchmarks

TAGGED: , , , , , , , ,
Share This Article
Previous Article How Google Genie 3 Creates Real-Time Immersive Environments
Next Article This 9.5% yielding FTSE 100 dividend stock is at a 52-week low! Time to consider buying?
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -

Latest News

Dimension 20 Is Finally Doing A Vampire: The Masquerade Campaign And I Am So Stoked
Gaming News
Brush up: How to plan a creative holiday in Europe
Travel
Best Fitness Tracker 2026: Fitbits, Bands & Hybrids
Tech News
Your Photos Are Probably Giving Away Your Location. Here’s How to Stop That
Tech News
Critical Fortinet Forticlient EMS flaw now exploited in attacks
Tech News
Is it time Premier League Darts introduced a reserve player for withdrawals?
Sports
Jefferies screams buy on HDFC Bank, says valuation attractive after 25% dip
Business
Lost your password?