CNNVD-202508-2389 Information

CNNVD ID

CNNVD-202508-2389

Related CVE

CVE-2025-57791

• CNNVD Published: 2025-08-20

Description (Chinese)

Commvault是美国Commvault公司的一个数据备份、恢复软件。 Commvault 11.36.60之前版本存在参数注入漏洞，该漏洞源于输入验证不足导致命令行参数注入或操纵，可能导致低权限角色获取有效用户会话。

Description (English)

Commvault is a data backup, recovery software for Comvault in the United States. 11.36.60 The previous version of the Code contains a gap in the parameters, which arises from inadequate input validation leading to the injection or manipulation of command line parameters, which may lead to the acquisition of effective user sessions by low-authorized players.

Hazard Level

High

Vulnerability Type

参数注入

Affected Vendor

Commvault

Published

2025-08-20

Last Modified

2026-02-24

References

https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html https://nvd.nist.gov/vuln/detail/CVE-2025-57791 https://access.redhat.com/security/cve/cve-2025-57791

Patch

https://www.commvault.com/