Remote Code Execution Risks Discovered in Commvault: Pre-Auth Exploit Chains Identified

August 21, 2025
Category: Vulnerability / Software Security

Commvault has issued updates to address four critical security vulnerabilities that could enable remote code execution on affected instances. The identified vulnerabilities arise in Commvault versions prior to 11.36.60, detailed as follows:

  • CVE-2025-57788 (CVSS score: 6.9): This vulnerability in a known login mechanism permits unauthenticated attackers to execute API calls without needing user credentials.

  • CVE-2025-57789 (CVSS score: 5.3): A flaw during the setup process allows remote attackers to exploit default credentials for administrative access before the first admin login.

  • CVE-2025-57790 (CVSS score: 8.7): A path traversal vulnerability enables remote attackers to gain unauthorized file system access, leading to potential remote code execution.

  • CVE-2025-57791 (CVSS score: 6.9): A vulnerability that allows attackers to inject or manipulate command-line arguments passed to internal components, resulting in further exploitation.

Commvault Issues Critical Security Updates to Mitigate Remote Code Execution Vulnerabilities

On August 21, 2025, Commvault announced significant updates aimed at addressing four critical security vulnerabilities that could potentially be exploited to execute remote code on vulnerable instances of its software. These vulnerabilities, which affect versions prior to 11.36.60, reveal serious flaws that could leave systems at risk to cyber attackers.

One of the major vulnerabilities, tracked as CVE-2025-57788 with a CVSS score of 6.9, pertains to a recognized login mechanism. This flaw permits unauthenticated attackers to make API calls without the need for user credentials, thereby compromising the integrity of the system. Another vulnerability, identified as CVE-2025-57789 and rated at a CVSS score of 5.3, involves the setup phase occurring between installation and the initial admin login. This gap allows attackers to exploit default credentials, thereby gaining unauthorized administrative access.

The most severe of the vulnerabilities is CVE-2025-57790, which has a CVSS score of 8.7, highlighting its critical nature. A path traversal vulnerability enables remote attackers to gain unauthorized access to the file system. This results in the possibility of executing arbitrary code, a major concern for businesses relying on Commvault’s software for data protection and management. Lastly, CVE-2025-57791, also carrying a CVSS score of 6.9, allows attackers to inject or manipulate command-line arguments directed at internal components, potentially facilitating further exploitation.

These vulnerabilities demonstrate a concerning trend in cybersecurity, particularly in systems that rely heavily on remote access and configuration. Organizations utilizing Commvault products should prioritize applying the recent patches to mitigate these risks effectively. Considering the nature of these exploits, potential attackers could employ tactics outlined in the MITRE ATT&CK framework, such as Initial Access, where an adversary gains entry to the system, and Privilege Escalation, where they subsequently gain elevated rights to execute harmful activities.

The Commvault vulnerabilities underscore the importance of robust cybersecurity measures, particularly in environments handling sensitive data. As cyber threats continue to evolve, business owners must remain vigilant, ensuring that their systems not only are updated but also adhere to best practices in security management.

While Commvault’s recognition of these vulnerabilities represents a proactive step towards safeguarding user data, the responsibility ultimately rests on organizations to address these risks promptly. Cybersecurity is no longer a concern exclusive to IT departments; it has become a critical business imperative, demanding attention from leadership to secure sensitive information against potential threats.

Source link

Related Posts

Former Developer Sentenced to Four Years for Sabotaging Ohio Employer with Kill-Switch Malware

A 55-year-old Chinese national has received a four-year prison sentence and three years of supervised release for deploying custom malware that targeted his former employer’s network. Davis Lu, 55, of Houston, Texas, was found guilty in March 2025 of intentionally damaging protected computers. He was arrested in April 2021 for misusing his position as a software developer to run malicious code on the company’s servers. While the company’s name was not disclosed, it has been identified as Eaton Corporation, a multinational power management firm based in Beachwood, Ohio. “The defendant violated his employer’s trust, using his technical expertise to disrupt network operations and causing significant financial losses to a U.S. company,” stated Acting Assistant Attorney General M…

INTERPOL Foils Cybercrime Network: 1,209 Arrested Across 18 African Nations in Major Operation

On August 22, 2025, INTERPOL revealed that law enforcement agencies from 18 African countries have apprehended 1,209 cybercriminals responsible for targeting 88,000 victims. The coordinated effort recovered $97.4 million and dismantled over 11,432 malicious operations, highlighting the widespread nature of cybercrime and the critical need for international collaboration. This operation, part of the ongoing initiative known as Operation Serengeti, spanned from June to August 2025 and aimed at combating serious offenses such as ransomware, online scams, and business email compromises. The first wave of arrests took place late last year. Notably, the operation led to the closure of 25 illegal cryptocurrency mining centers in Angola, involving 60 Chinese nationals in the fraudulent scheme. Authorities also identified and seized 45 illegal power stations, alongside mining and IT infrastructure valued at over $37 million, designated for government use.

Chinese Hackers Murky Panda, Genesis, and Glacial Panda Intensify Cloud and Telecom Espionage Efforts

August 22, 2025
Cloud Security / Vulnerability

Cybersecurity experts are alerting the public to the growing threat posed by the China-linked cyber espionage group known as Murky Panda. This group is employing trusted cloud relationships to infiltrate enterprise networks. According to a report from CrowdStrike, “The adversary has demonstrated a significant capacity to rapidly exploit N-day and zero-day vulnerabilities, often gaining initial access by targeting internet-facing devices.” Murky Panda, previously recognized as Silk Typhoon (and formerly Hafnium), gained notoriety for its exploitation of Microsoft Exchange Server vulnerabilities in 2021. Their attacks have primarily focused on government, technology, academic, legal, and professional services sectors in North America. Earlier this March, Microsoft revealed the threat actor’s evolving strategies, particularly their focus on the IT supply chain to gain entry into corporate networks.

Linux Malware Leveraging Malicious RAR Filenames Evades Antivirus Detection

In a recent report from cybersecurity researchers, a new attack strategy has been revealed, utilizing phishing emails to spread an open-source backdoor known as VShell. According to Trellix researcher Sagar Bade, this “Linux-specific malware infection chain begins with a spam email containing a harmful RAR archive file.” The unique aspect of this attack is that the malicious payload is embedded directly in the filename, rather than hidden within the file’s content or through macros. By employing shell command injection and Base64-encoded Bash payloads, attackers transform routine file listing commands into triggers for automatic malware execution. This technique exploits a common, yet dangerous pattern in shell scripts, where poorly sanitized file names allow seemingly innocuous commands like eval or echo to execute arbitrary code. Additionally, this approach provides further advantages…