Commvault
CVE-2025-57790
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
AnalysisAI
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 49.6% and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-36. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution. Affected products include: Commvault.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP f
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments
During the brief window between installation and the first administrator login, remote attackers may exploit the default
The Report Builder component of the application stores user input directly in a web page and displays it to other users,
Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongs
Same weakness CWE-36 – Absolute Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today