Commvault Releases Security Updates to Address Multiple Vulnerabilities


Commvault has released security advisories to address 4 vulnerabilities in Commvault Windows and Linux. Security researchers have demonstrated the ability for these vulnerabilities to be chained together by an unauthenticated remote attacker to perform remote code execution on the Commvault server.

  • CVE-2025-57788 – Unauthorized API Access Risk
  • CVSSv4 6.9 CVE-2025-57789 – Vulnerability in Initial Administrator Login Process
  • CVSSv4 5.3

Read more…
Source: NHS Digital


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Update now: Samba prior to 4.13.17 hit with remote root code execution bug

    February 1, 2022

    Samba has fixed a vulnerability in all versions of its software prior to version 4.13.17 that allowed for a remote actor to execute code as root, thanks to an out-of-bounds heap read write vulnerability. “The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write ...

  • CISA adds 8 vulnerabilities to list of actively exploited bugs

    January 31, 2022

    The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they’re a mix of old and new. The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates ...

  • Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

    January 31, 2022

    A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug (UXSS) Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the ...

  • 277,000 routers exposed to Eternal Silence attacks via UPnP

    January 31, 2022

    A malicious campaign known as ‘Eternal Silence’ is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding ...

  • QNAP warns NAS users of DeadBolt ransomware, urges customers to update

    January 27, 2022

    Taiwanese network-attached storage giant QNAP urged its customers to update their systems this week after the DeadBolt ransomware was discovered targeting all NAS instances exposed to the internet. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP NAS and routers, and immediately update QTS to the ...

  • Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data

    January 25, 2022

    Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists ...