Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-57790
CVE-2025-57790:
Commvault vulnerability analysis and mitigation
Overview
A critical security vulnerability (CVE-2025-57790) was discovered in Commvault software versions before 11.36.60. The vulnerability, identified in August 2025, allows remote attackers to perform unauthorized file system access through a path traversal issue, which could potentially lead to remote code execution. The affected versions include Commvault 11.32.0 through 11.32.101 and 11.36.0 through 11.36.59 on both Linux and Windows platforms (Commvault Advisory, NVD).
Technical details
The vulnerability is classified as an Absolute Path Traversal (CWE-36) issue. It has received a CVSS v4.0 base score of 8.7 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, and a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires low attack complexity and can be exploited remotely with low privileges and no user interaction (NVD).
Impact
The vulnerability enables unauthorized file system access and could potentially lead to remote code execution on affected systems. This vulnerability can be particularly dangerous when chained with other vulnerabilities (CVE-2025-57788, CVE-2025-57789, CVE-2025-57791) to create pre-authenticated exploit chains for achieving remote code execution on susceptible instances (Hacker News).
Mitigation and workarounds
Commvault has released patches to address this vulnerability. Users running version 11.32.0 through 11.32.101 should upgrade to version 11.32.102, while users running version 11.36.0 through 11.36.59 should upgrade to version 11.36.60. The Commvault SaaS solution is not affected by this vulnerability and requires no customer action (Commvault Advisory, Fortra).
Community reactions
The vulnerability was discovered and reported by security researchers Sonny Macdonald and Piotr Bazydlo from watchTowr Labs in April 2025. The disclosure comes four months after a previous critical Commvault Command Center vulnerability (CVE-2025-34028) that was actively exploited in the wild (Hacker News).
Additional resources
Source: This report was generated using AI
Related Commvault vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management