exploitDog

CVE-2025-57788

Опубликовано: 20 авг. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Ссылки

https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html
Vendor Advisory
https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*

Версия до 11.36.60 (исключая)

EPSS

Процентиль: 84%

0.02206

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-259

Связанные уязвимости

GHSA-w78r-f8w4-qxcq

CVSS3: 6.5

github

28 дней назад

An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

EPSS

Процентиль: 84%

0.02206

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-259