How severe is CVE-2025-57788?

CVE-2025-57788 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-57788

Name: commvault
Author: commvault

6.5MEDIUM

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Published: 8/20/2025Updated: 9/10/2025

Description

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

AI AnalysisPowered by AI

Affected Products

commvaultcommvault

References

https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html
Vendor Advisory
https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials
ExploitThird Party Advisory