CVE-2025-57789
Published 2025-08-20
Priority P3 · 38 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EXPLOIT
EPSS: 1.10% (61.6th percentile)
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| commvault | commcell | 11.32.0 – 11.32.101 | — |
| commvault | commcell | 11.36.0 – 11.36.59 | — |
| commvault | commvault | < 11.36.60 | 11.36.60 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
No detection rules found.
Nuclei
Commvault Initial Administrator Login Process Vulnerability
nuclei·CVSS 5.3
CVE-2025-57789 [MEDIUM] Commvault Initial Administrator Login Process Vulnerability
An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
Template:
```yaml
id: CVE-2025-57789

info:
  name: Commvault Initial Administrator Login Process Vulnerability
  author: DhiyaneshDK,watchtowr
  severity: medium
  description: |
    An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
  impact: |
```