CNNVD-202508-2391 Information

CNNVD ID

CNNVD-202508-2391

Related CVE

CVE-2025-57788

• CNNVD Published: 2025-08-20

Description (Chinese)

Commvault是美国Commvault公司的一个数据备份、恢复软件。 Commvault 11.36.60之前版本存在安全漏洞，该漏洞源于已知登录机制允许未经验证的攻击者执行API调用。

Description (English)

Commvault is a data backup, recovery software for Comvault in the United States. 11.36.60 There is a security loophole in the previous version of Commvault 11.36.60, which stems from the fact that the known access mechanism allows unverified attackers to carry out API calls.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Commvault

Published

2025-08-20

Last Modified

2026-02-24

References

https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials https://access.redhat.com/security/cve/cve-2025-57788 https://nvd.nist.gov/vuln/detail/CVE-2025-57788

Patch

https://www.commvault.com/