CVE-2025-57791

MEDIUM

Commvault Command-Line Argument Injection to Traversal Remote Code Execution

Title source: metasploit

Description

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Sonny Macdonald, Piotr Bazydlo, remmons-r7 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/commvault_rce_cve_2025_57790_cve_2025_57791.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html

Scores

CVSS v3 6.5

EPSS 0.4031

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-88

Status published

Products (1)

commvault/commvault < 11.36.60

Published Aug 20, 2025

Tracked Since Feb 18, 2026