CVE-2025-57790
Published: 2025-08-20
Priority: P2 75 · high · CVSS 3.1 base score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 16.11% (96.5th percentile)
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| commvault | commcell | 11.32.0 – 11.32.101 | — |
| commvault | commcell | 11.36.0 – 11.36.59 | — |
| commvault | commvault | < 11.36.60 | 11.36.60 |
Detection & IOCs (extracted from sources)
Source: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/commvault_rce_cve_2025_57790_cve_2025_57791.rb
- The exploit chain is unauthenticated: monitor for unauthenticated HTTP requests targeting Commvault web endpoints, particularly those involving command-line argument injection patterns.
- CVE-2025-57788 is used as a prerequisite to leak the target hostname before RCE is attempted: detect reconnaissance requests consistent with hostname disclosure against Commvault HTTP services.
- Monitor for path traversal sequences in HTTP requests to Commvault services, as the vulnerability involves unauthorized file system access via path traversal leading to RCE.
- Processes spawned under the NETWORK SERVICE context from Commvault web service processes should be treated as suspicious and investigated for post-exploitation activity.
- The exploit chain requires knowledge of the target hostname (leaked via CVE-2025-57788) before RCE can be executed; network segmentation limiting hostname discoverability may reduce exploitability.
CVSS provenance
- NVD, CVSS v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v4.0: 8.7 HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
No detection rules found.
Related: Wiz, "CVE-2025-12776 Impact, Exploitability, and Mitigation Steps" (CVSS 1.8, LOW)
## CVE-2025-12776: Commvault vulnerability analysis and mitigation
The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the user input is not validated in the report creation, these scripts are not executed when the report is run by end users. The script is executed when the report is modified through the report builder by a user with edit permissions.
The Report Builder is part of the WebConsole. The WebConsole package is currently end of life, and is no longer maintained. We strongly recommend against installing or using it in any production env