CVE-2025-57789

{"id": "CVE-2025-57789", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "050066fd-a2f9-4f32-ab5d-4c53f48bc333", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-20T04:16:03.847", "references": [{"url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html", "tags": ["Vendor Advisory"], "source": "050066fd-a2f9-4f32-ab5d-4c53f48bc333"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "050066fd-a2f9-4f32-ab5d-4c53f48bc333", "description": [{"lang": "en", "value": "CWE-257"}]}], "descriptions": [{"lang": "en", "value": "During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Commvault antes de la versi\u00f3n 11.36.60. Durante el breve periodo entre la instalaci\u00f3n y el primer inicio de sesi\u00f3n del administrador, atacantes remotos podr\u00edan explotar las credenciales predeterminadas para obtener el control administrativo. Esto se limita a la fase de configuraci\u00f3n, antes de configurar cualquier tarea."}], "lastModified": "2025-09-10T16:15:40.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5", "versionEndExcluding": "11.36.60"}], "operator": "OR"}]}], "sourceIdentifier": "050066fd-a2f9-4f32-ab5d-4c53f48bc333"}