vulnerability

Commvault Web Server: CVE-2025-57791: Improper Neutralization of Argument Delimiters in a Command

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Aug 20, 2025

Added

Aug 20, 2025

Modified

Aug 20, 2025

Description

An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.

Solution

commvault-web-server-upgrade-latest

References

CVE-2025-57791
https://attackerkb.com/topics/CVE-2025-57791
https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html
CWE-88

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report