
Commvault Addresses Vulnerabilities in Backup Suite That Enable Remote Code Execution

Commvault has addressed four significant security vulnerabilities that could enable unauthenticated attackers to compromise on-premises deployments of its backup and replication suite. Researchers from watchTowr Labs disclosed the technical details of these vulnerabilities, demonstrating that they could be chained together to achieve remote code execution. Although the researchers opted not to publish proof-of-concept exploits, their comprehensive write-up provides enough information to facilitate the creation of such exploits. Administrators managing Commvault on-premises installations are strongly advised to update to the latest maintenance versions promptly to mitigate potential risks.

The vulnerabilities identified by watchTowr researchers Sonny Macdonald and Piotr Bazydlo impact critical components of Commvault’s management plane, including the Web Server, Command Center, and, in some instances, the CommServe, which acts as the central hub of a Commvault deployment. The flaws include CVE-2025-57788, which leaks a low-privileged account password; CVE-2025-57789, which allows an attacker to decrypt the built-in administrator password; CVE-2025-57791, an argument injection in a login request that can be used to obtain a low-privilege session token; and CVE-2025-57790, a path traversal issue that could enable attackers to write files into web directories, facilitating the deployment of a JSP webshell for executing arbitrary commands.

