Description

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-20 | Updated 2025-09-10 | Assigner mitre




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-257: Storing Passwords in a Recoverable Format

Product status

Default status: unaffected

11.32.0: affected

11.36.0: affected

Credits

Sonny and Piotr Bazydlo (@chudyPB) of watchTowr

References

documentation.commvault.com/...yadvisories/CV_2025_08_4.html

cve.org (CVE-2025-57789)

nvd.nist.gov (CVE-2025-57789)
