An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.

Related CVEs

CVE-2025-57789

Key Information

GHSA ID

GHSA-2vjv-2jwr-w8hr

Published

August 20, 2025 6:30 AM

Last Modified

August 21, 2025 3:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 23, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.