How severe is CVE-2025-57788?

CVE-2025-57788 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-57788

Name: commvault
Author: commvault

6.5MEDIUM

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Publicado: 8/20/2025Actualizado: 9/10/2025

Descripción

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Análisis IAImpulsado por IA

Productos Afectados

commvaultcommvault

Referencias

https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html
Vendor Advisory
https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials
ExploitThird Party Advisory