CVE-2025-57791 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
mitre	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
commvault	commvault	𝑥 < 11.36.60

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Vulnerability Media Exposure

[GERMAN] Commvault: Hochriskante Lücke ermöglicht Einschleusen von Schadcode
In der Backup-Software Commvault können Angreifer Sicherheitslücken missbrauchen, um etwa Schadcode einzuschleusen. Updates stehen bereit.
Published: 2025-08-20T08:39:00+00:00
[GERMAN] Commvault Backup & Recovery: Mehrere Schwachstellen
Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Commvault Backup & Recovery ausnutzen, um sich erweiterte Berechtigungen zu verschaffen, beliebigen Code auszuführen und Sicherheitsmaßnahmen zu umgehen.
Published: 2025-08-19T22:00:00+00:00
[ENGLISH] Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 (CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user
Published: 2025-08-21T22:08:00+05:30

References

https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html