Commvault Releases Security Updates to Address Multiple Vulnerabilities


Commvault has released security advisories to address 4 vulnerabilities in Commvault Windows and Linux. Security researchers have demonstrated the ability for these vulnerabilities to be chained together by an unauthenticated remote attacker to perform remote code execution on the Commvault server.

  • CVE-2025-57788 – Unauthorized API Access Risk
  • CVSSv4 6.9 CVE-2025-57789 – Vulnerability in Initial Administrator Login Process
  • CVSSv4 5.3

Read more…
Source: NHS Digital


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Windows kernel zero-day disclosed by Google’s Project Zero after bug exploited in the wild by hackers

    October 30, 2020

    Google’s Project Zero bug-hunting team has disclosed a Windows kernel flaw that’s being actively exploited by miscreants to gain administrator access on compromised machines. The web giant’s bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder. The privilege-escalation issue ...

  • Oracle WebLogic Server RCE Flaw Under Active Attack

    October 29, 2020

    If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.” Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The console component of the WebLogic Server has a flaw, CVE-2020-14882, ...

  • FBI: Hackers stole government source code via SonarQube instances

    October 27, 2020

    The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. SonarQube is an open-source platform for automated code quality auditing and static analysis to discover bugs and security vulnerabilities in projects using 27 programming languages. Vulnerable SonarQube servers have ...

  • Nvidia tackles code execution flaws, data leaks in GeForce Experience

    October 23, 2020

    Nvidia has resolved a trio of vulnerabilities impacting the GeForce Experience suite. GeForce Experience is software designed by Nvidia with games and live streamers in mind, including driver update management, driver optimization for gaming and graphics cards, and both video & audio capture. On October 22, Nvidia said the firm’s latest security update tackles issues found in ...

  • Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

    October 21, 2020

    Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild. Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov ...

  • Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

    October 20, 2020

    Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest. There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After ...