cbcvebase.
CVE-2025-57790
published 2025-08-20

CVE-2025-57790: A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The…

PriorityP275high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
16.11%
96.5th percentile
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.

Affected

3 ranges
VendorProductVersion rangeFixed in
commvaultcommcell11.32.0 – 11.32.101
commvaultcommcell11.36.0 – 11.36.59
commvaultcommvault< 11.36.6011.36.60

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/commvault_rce_cve_2025_57790_cve_2025_57791.rb
filenamecommvault_rce_cve_2025_57790_cve_2025_57791.rb
  • The exploit chain is unauthenticated — monitor for unauthenticated HTTP requests targeting Commvault web endpoints, particularly those involving command-line argument injection patterns.
  • CVE-2025-57788 is used as a prerequisite to leak the target hostname before RCE is attempted — detect reconnaissance requests consistent with hostname disclosure against Commvault HTTP services.
  • Monitor for path traversal sequences in HTTP requests to Commvault services, as the vulnerability involves unauthorized file system access via path traversal leading to RCE.
  • Processes spawned under NETWORK SERVICE context from Commvault web service processes should be treated as suspicious and investigated for post-exploitation activity.
  • ·The exploit chain requires knowledge of the target hostname (leaked via CVE-2025-57788) before RCE can be executed — network segmentation limiting hostname discoverability may reduce exploitability.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.