CVE-2025-57788

Medium

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC…

Commvault·CWE-259·Published 2025-08-20

CVSS

6.5

EPSS

0.03

KEV

Exploits

cve.orgen

191 chars

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

NVDen

191 chars

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Se detectó un problema en Commvault antes de la versión 11.36.60. Una vulnerabilidad en un mecanismo de inicio de sesión conocido permite a atacantes no autenticados ejecutar llamadas a la API sin requerir credenciales de usuario. RBAC ayuda a limitar la exposición, pero no elimina el riesgo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0	Primary	cve.org	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4.0	Primary	cve.org	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4.0	Secondary	NVD	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X