vulnerability

Commvault Web Server: CVE-2025-57791: Improper Neutralization of Argument Delimiters in a Command

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Aug 20, 2025	Aug 20, 2025	Aug 20, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Aug 20, 2025

Added

Aug 20, 2025

Modified

Aug 20, 2025

Description

An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.

Solution

commvault-web-server-upgrade-latest

References

CVE-2025-57791
https://attackerkb.com/topics/CVE-2025-57791
URL-https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html
CWE-88

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today