Vulnerability in Initial Administrator Login Process_CVE-2025-57789

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.

Basic Information

ID CVE-2025-57789

Source mitre

Published Aug 20, 2025 at 03:22

Affected Product

Vendor Commvault

Product CommCell

Version 11.32.0

Affected Versions Commvault CommCell 11.32.0
Commvault CommCell 11.36.0

CWE Classification

CWE-257

References

documentation.commvault.com /securityadvisories/CV_2025_08_4.html

{
    "lastseen": "",
    "description": "An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.",
    "published": "2025-08-20T03:22:08.764Z",
    "modified": "2025-08-20T03:22:08.764Z",
    "type": "cve",
    "title": "Vulnerability in Initial Administrator Login Process",
    "source": "mitre",
    "references": "https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html",
    "id": "CVE-2025-57789",
    "bulletinFamily": "",
    "cwe": [
        "CWE-257"
    ],
    "cvelist": null,
    "sourceData": "Commvault CommCell 11.32.0\nCommvault CommCell 11.36.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CommCell",
    "version": "11.32.0",
    "vendor": "Commvault",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}