CVE-2025-57788

Unauthorized API Access Risk

CVSS 6.9 MEDIUMEPSS 2.7%CWE-259

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Commvault · CommCell

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials