Commvault Releases Security Updates to Address Multiple Vulnerabilities


Commvault has released security advisories to address 4 vulnerabilities in Commvault Windows and Linux. Security researchers have demonstrated the ability for these vulnerabilities to be chained together by an unauthenticated remote attacker to perform remote code execution on the Commvault server.

  • CVE-2025-57788 – Unauthorized API Access Risk
  • CVSSv4 6.9 CVE-2025-57789 – Vulnerability in Initial Administrator Login Process
  • CVSSv4 5.3

Read more…
Source: NHS Digital


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Second Google Chrome zero-day exploit dropped on twitter this week

    April 14, 2021

    A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it. These vulnerabilities pose a ...

  • Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

    April 13, 2021

    While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation ...

  • CISA gives federal agencies until Friday to patch Exchange servers

    April 13, 2021

    The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first. Read more… Source: Bleeping Computer Related story: ...

  • NSA discovers critical Exchange Server vulnerabilities, patch now

    April 13, 2021

    Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. All the flaws lead to remote code execution on a vulnerable machine and were discovered and reported to Microsoft by the U.S. National Security Agency (NSA). Microsoft also found some of them ...

  • FBI nuked web shells from hacked Exchange Servers without telling owners

    April 13, 2021

    A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers’ owners. On March 2nd, Microsoft released a series of Microsoft Exchange security updates for vulnerabilities actively exploited by a hacking group known as HAFNIUM. These vulnerabilities are collectively known as ProxyLogon and were used by threat ...

  • NAME:WRECK DNS vulnerabilities affect over 100 million devices

    April 13, 2021

    Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in widespread TCP/IP stacks ...