CVE-2025-57791
MEDIUMCommvault Command-Line Argument Injection to Traversal Remote Code Execution
Title source: metasploitDescription
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Sonny Macdonald, Piotr Bazydlo, remmons-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/commvault_rce_cve_2025_57790_cve_2025_57791.rb
Scores
CVSS v3
6.5
EPSS
0.4031
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Classification
CWE
CWE-88
Status
published
Affected Products (1)
commvault/commvault
< 11.36.60
Timeline
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026