CVE-2025-57789: 
Commvault vulnerability analysis and mitigation

CVE-2025-57789 is a security vulnerability discovered in Commvault software versions before 11.36.60. The vulnerability exists during the brief window between installation and the first administrator login, where remote attackers can exploit default credentials to gain administrative control. This vulnerability is specifically limited to the setup phase, before any jobs have been configured (Commvault Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 5.3 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Additionally, it received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The vulnerability is associated with CWE-257 (Storing Passwords in a Recoverable Format) (NVD).

If exploited, this vulnerability allows remote attackers to gain administrative control of the Commvault system during the initial setup phase. The impact is limited to the period between installation and first administrator login, specifically before any jobs have been configured (Commvault Advisory, Hacker News).

Commvault has released patches to address this vulnerability. Users running affected versions should upgrade to the following fixed versions: Commvault 11.32.0 - 11.32.101 should upgrade to 11.32.102, and Commvault 11.36.0 - 11.36.59 should upgrade to 11.36.60. It's worth noting that Commvault SaaS solutions are not affected by this vulnerability (Commvault Advisory, Fortra).

The vulnerability was responsibly disclosed by security researchers Sonny and Piotr Bazydlo (@chudyPB) of watchTowr. The discovery has garnered attention in the cybersecurity community as part of a larger set of vulnerabilities affecting Commvault systems (Commvault Advisory, WatchTowr Labs).