CVE-2025-57791

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*

History

10 Sep 2025, 16:15

Type	Values Removed	Values Added
Summary	(en) An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.	(en) A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
References	~~() https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html - Vendor Advisory~~	() https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html - Vendor Advisory

21 Aug 2025, 14:42

Type	Values Removed	Values Added
First Time		Commvault commvault Commvault
CPE		cpe:2.3:a:commvault:commvault::::::::
References	~~() https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html -~~	() https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

20 Aug 2025, 14:39

Type	Values Removed	Values Added
Summary		(es) Se detectó un problema en Commvault antes de la versión 11.36.60. Se identificó una vulnerabilidad de seguridad que permite a atacantes remotos inyectar o manipular argumentos de la línea de comandos transmitidos a componentes internos debido a una validación de entrada insuficiente. Una explotación exitosa da como resultado una sesión de usuario válida para un rol con privilegios bajos.

20 Aug 2025, 04:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 04:16

Updated : 2025-09-10 16:15

NVD link : CVE-2025-57791

Mitre link : CVE-2025-57791

CVE.ORG link : CVE-2025-57791

JSON object : View

Products Affected

commvault

commvault

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

6.5 /10