CVE-2025-57789: 
Commvault vulnerability analysis and mitigation

A vulnerability (CVE-2025-57789) was discovered in Commvault versions before 11.36.60, affecting both Linux and Windows platforms. The vulnerability exists during the setup phase between installation and the first administrator login, where remote attackers can exploit default credentials to gain administrative control. This security issue is specifically limited to the setup phase, before any jobs have been configured (NVD, Commvault Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 5.3 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Under CVSS v3.1, it received a base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The vulnerability is classified under CWE-257 (Storing Passwords in a Recoverable Format) (NVD).

If exploited, this vulnerability allows remote attackers to gain administrative control of the Commvault system during the initial setup phase. The impact is limited to the period between installation and the first administrator login, specifically before any jobs have been configured. This vulnerability can be particularly dangerous when combined with other vulnerabilities as part of an exploit chain (Hacker News).

Commvault has released patches to address this vulnerability. Users running affected versions should upgrade to the following fixed versions: Commvault 11.32.0 - 11.32.101 should upgrade to version 11.32.102, and Commvault 11.36.0 - 11.36.59 should upgrade to version 11.36.60. It's worth noting that Commvault SaaS solution is not affected by this vulnerability (Commvault Advisory, Fortra).

Security researchers Sonny Macdonald and Piotr Bazydlo from watchTowr Labs discovered and reported this vulnerability along with three other security defects in April 2025. The security community has particularly noted the potential for this vulnerability to be used in pre-authenticated exploit chains (Hacker News).