Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
What’s new: Commvault has released updates that address four vulnerabilities which could allow remote code execution on affected instances. The vulnerabilities, which affect Commvault versions prior to 11.36.60, are CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, and CVE-2025-57791. They can be exploited through pre-authentication exploit chains, one of which requires the default admin password to have remained unchanged since installation.
Who’s affected
Organizations using Commvault versions before 11.36.60 are at risk. The Commvault SaaS solution is not affected by these vulnerabilities.
What to do
- Upgrade to Commvault versions 11.32.102 or 11.36.60 to mitigate the vulnerabilities.
- Change the default admin password if it has not been altered since installation.
- Monitor for any unusual activity that may indicate exploitation attempts.
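To turn the first step above into something an inventory script can apply, here is an added Python example (not Commvault's code) that triages installed version strings against the two fixed releases the advisory names. It assumes, as a labelled simplification, that a build is patched only when it sits on the same maintenance branch as 11.32.102 or 11.36.60 and is at or above it; any other branch is reported as affected until confirmed.

```python
# Added example, not from the advisory or from Commvault.
# Assumption: a build is patched only if it is on the same maintenance branch
# as one of the fixed releases and at or above it; other 11.x branches are
# treated as affected until confirmed otherwise.
import re
from typing import NamedTuple

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_RELEASES = {
    (11, 32): (11, 32, 102),
    (11, 36): (11, 36, 60),
}


class Verdict(NamedTuple):
    version: str
    patched: bool
    reason: str


def parse_version(text: str) -> tuple:
    """Parse 'major.minor.patch'; any trailing fields (e.g. a build number)
    are ignored. Raises ValueError for strings that are not a release."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def triage(version: str) -> Verdict:
    """Decide whether one installed version is at or above its branch fix."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return Verdict(version, False,
                       f"branch {major}.{minor} has no listed fix; treat as affected")
    fixed_str = ".".join(map(str, fixed))
    if (major, minor, patch) >= fixed:
        return Verdict(version, True, f"at or above fixed release {fixed_str}")
    return Verdict(version, False, f"below fixed release {fixed_str}; upgrade")


def triage_inventory(versions) -> list:
    """Apply triage() to every version string in an inventory list."""
    return [triage(v) for v in versions]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in triage_inventory(["11.36.60", "11.36.59", "11.32.102", "11.32.99", "11.28.40"]):
        print(f"{v.version:>10}  {'patched' if v.patched else 'AFFECTED'}  {v.reason}")
```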