CVE-2025-57789

MEDIUM NUCLEI

Default Credential - Privilege Escalation

Title source: llm

Description

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.

Nuclei Templates (1)

Commvault Initial Administrator Login Process Vulnerability

MEDIUMVERIFIEDby DhiyaneshDK,watchtowr

Shodan: http.favicon.hash:-542502280

References (1)

[Vendor Advisory] https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html

Scores

CVSS v3 5.4

EPSS 0.0739

EPSS Percentile 91.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-257

Status published

Affected Products (1)

commvault/commvault < 11.36.60

Timeline

Published Aug 20, 2025

Tracked Since Feb 18, 2026