Commvault Releases Security Updates to Address Multiple Vulnerabilities


Commvault has released security advisories to address 4 vulnerabilities in Commvault Windows and Linux. Security researchers have demonstrated the ability for these vulnerabilities to be chained together by an unauthenticated remote attacker to perform remote code execution on the Commvault server.

  • CVE-2025-57788 – Unauthorized API Access Risk
  • CVSSv4 6.9 CVE-2025-57789 – Vulnerability in Initial Administrator Login Process
  • CVSSv4 5.3

Read more…
Source: NHS Digital


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Nvidia Warns About Severe Security Bugs in GPU Driver, vGPU Software

    April 26, 2021

    Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure. Meanwhile, the Nvidia virtual GPU (vGPU) software also has a group of bugs that could lead to a range of ...

  • CVE-2020-24557 Trend Micro bug is being exploited in the wild

    April 22, 2021

    US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks. The vulnerability, tracked as CVE-2020-24557, affects the company’s Apex One and OfficeScan XG, two advanced security products aimed at enterprise customers. The bug was discovered ...

  • AirDrop bugs expose Apple users’ email addresses, phone numbers

    April 21, 2021

    A team of academics from a German university said it discovered two vulnerabilities that can be abused to extract phone numbers and email addresses from Apple’s AirDrop file transfer feature. The two bugs reside in the authentication process during the initial phase of an AirDrop connection, where devices try to discover each one another and determine ...

  • Pulse Secure VPN zero-day used to hack defense firms, govt orgs

    April 20, 2021

    Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks. To mitigate the vulnerability tracked as CVE-2021-22893 (with a maximum 10/10 severity score), Pulse Secure advises customers with gateways ...

  • Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

    April 20, 2021

    In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device. The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a ...

  • NSA: 5 Security Bugs Under Active Nation-State Cyberattack

    April 16, 2021

    The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. ...