[Vulnerability Alert] Commvault has a major security vulnerability (CVE-2025-57790)

• Subject: [Vulnerability Alert] Commvault has a major security vulnerability (CVE-2025-57790)
• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000016
  • CommVault, a backup and data protection software vendor known for its enterprise-level integrated data management solutions, supports multi-platform and multi-environment backup and recovery, and provides efficient data protection technology and cloud integration capabilities. Recently, a major security vulnerability advisory (CVE-2025-57790, CVSS 3.x: 8.8) was released. This vulnerability allows a remote attacker to use path traversal to perform unauthorized file system access, which may lead to remote code execution.
• Affected Platforms:
  • Commvault versions 11.32.0 to 11.32.101, and Commvault versions 11.36.0 to 11.36.59.
• Recommended Measures:
  • Update to Commvault version 11.32.102 or later, or Commvault version 11.36.60 or later.
• References:
  1. https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html
  2. https://nvd.nist.gov/vuln/detail/cve-2025-57790

Computer and Communications Center
Network Systems Group