What’s new: Commvault has released updates to address four vulnerabilities that could allow remote code execution on affected instances. The vulnerabilities, identified in Commvault versions prior to 11.36.60, include CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, and CVE-2025-57791, with CVSS scores ranging from 5.3 to 8.7. These vulnerabilities can be exploited by unauthenticated attackers, particularly if default credentials are not changed.
Who’s affected
Organizations using Commvault versions before 11.36.60 are at risk. The Commvault SaaS solution is not affected by these vulnerabilities.
What to do
- Upgrade to Commvault versions 11.32.102 or 11.36.60 to mitigate the vulnerabilities.
- Change default credentials to prevent unauthorized access.
- Monitor for any unusual activity that may indicate exploitation attempts.
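The upgrade step above names two fixed releases on two maintenance lines. As an added example (not Commvault's code), the following script triages a constructed inventory of Commvault servers against those thresholds; it assumes that the 11.32 line is fixed from 11.32.102 and every other line only from 11.36.60, and that versions are reported as plain major.minor.build strings.

```python
import re

# Fixed releases named in the advisory (assumption: 11.32 is a separate
# maintenance line; all other lines need 11.36.60 or later).
FIXED_BY_LINE = {"11.32": (11, 32, 102)}
FIXED_DEFAULT = (11, 36, 60)

# Constructed sample inventory: "hostname<TAB>version" lines.
SAMPLE_INVENTORY = """\
cv-backup-01\t11.32.101
cv-backup-02\t11.32.102
cv-media-01\t11.34.7
cv-cs-01\t11.36.59
cv-cs-02\t11.36.60
cv-lab-01\t11.40.2
"""

def parse_version(text):
    """Parse 'major.minor.build' into a comparable tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version_text):
    """True when the version is older than the fixed release for its line."""
    version = parse_version(version_text)
    line = f"{version[0]}.{version[1]}"
    fixed = FIXED_BY_LINE.get(line, FIXED_DEFAULT)
    return version < fixed

def triage(inventory_text):
    """Return {hostname: version} for every host still below a fixed release."""
    affected = {}
    for raw in inventory_text.splitlines():
        if not raw.strip():
            continue
        host, version = raw.split("\t", 1)
        if is_affected(version):
            affected[host] = version.strip()
    return affected

if __name__ == "__main__":
    for host, version in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {version} needs upgrade")
```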