CVE-2025-57789
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-10
Assigner: Commvault
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| commvault | commvault | up to 11.36.60 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Commvault Software occurs during the brief setup phase between installation and the first administrator login. During this window, remote attackers can exploit default credentials to gain administrative control before any jobs are configured. It affects versions 11.32.0 through 11.32.101 and 11.36.0 through 11.36.59 on Linux and Windows platforms and is resolved in maintenance releases 11.32.102 or 11.36.60 and later. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows remote attackers to gain administrative control over the Commvault system during the initial setup phase. This could lead to unauthorized access and control of the system before any jobs are configured, potentially compromising system integrity and data managed by Commvault. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying the Commvault Web Server version to ensure it is not within the vulnerable range (versions 11.32.0 through 11.32.101 and 11.36.0 through 11.36.59). You can check the installed version via the Commvault Command Center by navigating to Manage > Servers, filtering by the Web Server role, and confirming the version is 11.32.102, 11.36.60, or later. There are no specific network commands provided to detect exploitation attempts, but verifying the version is the recommended detection method. [1]
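As an added example (not code from the BaseFortify page or from Commvault), the following Python script classifies Web Server version strings against the ranges stated above; the inventory is constructed sample data and the host names are hypothetical. It compares versions numerically, which matters because a plain string comparison would order 11.36.9 after 11.36.59 and miss a vulnerable host.

```python
# Added example, not from the BaseFortify page or Commvault: classify a
# Commvault Web Server version against the ranges named in the advisory.
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory text (both bounds inclusive).
AFFECTED_RANGES = [
    ((11, 32, 0), (11, 32, 101)),
    ((11, 36, 0), (11, 36, 59)),
]
# First fixed maintenance release for each affected branch.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (11, 32): (11, 32, 102),
    (11, 36): (11, 36, 60),
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.maintenance' into integers so that ordering is
    numeric: as strings, '11.36.9' would sort after '11.36.59'."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Commvault version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for one version string.
    'unlisted' means the branch is not covered by the advisory, not that
    it is known to be safe."""
    v = parse_version(version)
    if any(low <= v <= high for low, high in AFFECTED_RANGES):
        return "vulnerable"
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is not None and v >= fixed:
        return "fixed"
    return "unlisted"


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {host: version} inventory to its assessment."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names are hypothetical.
    sample = {"cv-web-01": "11.32.101", "cv-web-02": "11.36.9",
              "cv-web-03": "11.36.60", "cv-web-04": "11.28.5"}
    for host, status in audit(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

Feed it the versions read from Manage > Servers (Web Server role) in the Command Center; any host reported as vulnerable needs the maintenance release named in the next answer.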
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Commvault Web Server to the maintenance release 11.32.102 or 11.36.60 or later. This update resolves the issue by closing the window during setup where default credentials can be exploited. Additionally, ensure that the first administrator login occurs promptly after installation to minimize the exposure window. [1]