Commvault Releases Security Updates to Address Multiple Vulnerabilities


Commvault has released security advisories to address 4 vulnerabilities in Commvault Windows and Linux. Security researchers have demonstrated the ability for these vulnerabilities to be chained together by an unauthenticated remote attacker to perform remote code execution on the Commvault server.

  • CVE-2025-57788 – Unauthorized API Access Risk
  • CVSSv4 6.9 CVE-2025-57789 – Vulnerability in Initial Administrator Login Process
  • CVSSv4 5.3

Read more…
Source: NHS Digital


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

    December 15, 2020

    A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardware running on its own Apple processors. In total, six high-severity flaws ...

  • Severe MDHexRay bug affects 100+ GE Healthcare imaging systems

    December 9, 2020

    A vulnerability in GE Healthcare’s proprietary management software used for medical imaging devices could put patients’ health privacy at risk, potentially their lives. The flaw received the name MDHexRay (CVE-2020-25179) and a severity score of 9.8 out of 10. It affects more than 100 CT, X-Ray, MRI device models in a dozen product lines from the ...

  • NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability

    December 7, 2020

    The US National Security Agency has published a security alert today urging companies to update VMWare products for a vulnerability that is currently exploited by “Russian state-sponsored malicious cyber actors.” The vulnerability tracked as CVE-2020-4006, impacts VMWare endpoint and identity management products, often deployed in enterprise and government networks. The affected products, listed below, allow system administrators ...

  • iPhone Bug Allowed for Complete Device Takeover Over the Air

    December 2, 2020

    Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within a nearby vicinity. The hack could of ...

  • Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

    November 19, 2020

    Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by researchers, in particular targets vacuums with LiDAR sensors, as the name ...

  • German COVID-19 Contact-Tracing Vulnerability Allowed RCE

    November 19, 2020

    A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security Labs were chasing down RCE vulnerabilities on the platform and found one in the infrastructure ...