CVE-2025-57789

MEDIUM NUCLEI

Default Credential - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2025-57789 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.

Nuclei Templates (1)

Commvault Initial Administrator Login Process Vulnerability

MEDIUMVERIFIEDby DhiyaneshDK,watchtowr

Shodan: http.favicon.hash:-542502280

References (1)

Core 1

Core References

Vendor Advisory

https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html

Scores

CVSS v3 5.4

EPSS 0.0654

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-257

Status published

Products (1)

commvault/commvault < 11.36.60

Published Aug 20, 2025

Tracked Since Feb 18, 2026