Updated:
Status:
CVEs: CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791
Fortra is actively researching four critical vulnerabilities in Commvault (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790 and CVE-2025-57791) that, chained together, allow an unauthenticated attacker to bypass authentication and achieve remote code execution (RCE) on affected systems. The primary recommendation is to upgrade affected Commvault versions to the patched releases immediately.
Who is affected?
According to the vendor, the following Commvault versions are affected by these vulnerabilities:
- Commvault 11.32.0 through 11.32.101
- Commvault 11.36.0 through 11.36.59
What can I do?
Customers are advised to upgrade to the fixed versions to mitigate these vulnerabilities:
- Commvault 11.32.0 through 11.32.101 → upgrade to 11.32.102
- Commvault 11.36.0 through 11.36.59 → upgrade to 11.36.60
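To triage a fleet against the ranges above, the version strings have to be compared numerically: as plain strings, "11.32.101" sorts before "11.32.99" and would be misclassified. The following is an added example for that check, not Fortra's or Commvault's own tooling; the affected and fixed ranges are taken from this advisory, the host inventory is constructed sample data, and the assumption that Commvault reports a version as three dot-separated numbers (with any trailing components ignored) is the example's own.

```python
"""Triage Commvault version strings against the affected and fixed ranges
named in this advisory (added example, not vendor tooling)."""

from typing import NamedTuple, Optional


class Branch(NamedTuple):
    first_affected: tuple  # inclusive
    last_affected: tuple   # inclusive
    fixed: tuple           # first release on this branch with the fix


# Ranges exactly as the advisory states them.
AFFECTED_BRANCHES = [
    Branch((11, 32, 0), (11, 32, 101), (11, 32, 102)),
    Branch((11, 36, 0), (11, 36, 59), (11, 36, 60)),
]


def parse_version(text: str) -> tuple:
    """Turn '11.32.75' into (11, 32, 75) so comparisons are numeric.

    Assumption: the first three dot-separated components are the
    major, feature release and maintenance release; any further
    components are ignored. Junk raises ValueError instead of silently
    comparing as a string.
    """
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unexpected Commvault version format: {text!r}")
    return tuple(int(p) for p in parts[:3])


def assess(version: str) -> dict:
    """Classify one version: affected (with the upgrade target), fixed, or
    outside the ranges the advisory lists (which is not a claim of safety)."""
    v = parse_version(version)
    for branch in AFFECTED_BRANCHES:
        if branch.first_affected <= v <= branch.last_affected:
            return {
                "version": version,
                "status": "affected",
                "upgrade_to": ".".join(map(str, branch.fixed)),
            }
        # Same 11.x branch and at or past the fixed release.
        if v[:2] == branch.fixed[:2] and v >= branch.fixed:
            return {"version": version, "status": "fixed", "upgrade_to": None}
    return {"version": version, "status": "not in listed ranges", "upgrade_to": None}


def triage(inventory: dict) -> dict:
    """Map hostname -> assessment for a {hostname: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


def hosts_needing_upgrade(inventory: dict) -> list:
    """Hostnames that fall inside an affected range, for ticketing."""
    return sorted(h for h, r in triage(inventory).items() if r["status"] == "affected")


# Constructed sample inventory; these hostnames and versions are not real.
SAMPLE_INVENTORY = {
    "commserve-01": "11.32.101",   # last affected build on the 11.32 branch
    "commserve-02": "11.32.102",   # patched
    "mediaagent-01": "11.36.59",   # last affected build on the 11.36 branch
    "mediaagent-02": "11.36.60",   # patched
    "legacy-01": "11.28.40",       # branch the advisory does not list
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        target = f" -> upgrade to {result['upgrade_to']}" if result["upgrade_to"] else ""
        print(f"{host:15} {result['version']:10} {result['status']}{target}")
```

A version outside both listed ranges is reported as "not in listed ranges" rather than "fixed": the advisory only enumerates the 11.32 and 11.36 branches, so anything else needs to be checked against the vendor advisories directly rather than assumed clean.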
For detailed information, refer to the vendor’s official advisories:
- Argument Injection – CVE-2025-57791
- Path Traversal – CVE-2025-57790
- Unauthorized API Access – CVE-2025-57788
- Administrator Login – CVE-2025-57789
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Updates
Fortra has kicked off the Emerging Threats process for these vulnerabilities. This article will be updated with new information about the vulnerabilities and related security coverage as it becomes available.