CVE-2025-57789

Summary

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.

Affected Software

VendorProductVersion RangeStatus
CommvaultCommCell11.32.0 <= 11.32.101affected
CommvaultCommCell11.36.0 <= 11.36.59affected

Weaknesses

  • CWE-257: CWE-257: Storing Passwords in a Recoverable Format

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References