{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2025-57789","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","state":"PUBLISHED","assignerShortName":"mitre","dateReserved":"2025-08-19T18:25:57.338Z","datePublished":"2025-08-20T03:22:08.764Z","dateUpdated":"2026-02-26T17:48:25.835Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"CommCell","vendor":"Commvault","versions":[{"lessThanOrEqual":"11.32.101","status":"affected","version":"11.32.0","versionType":"semver"},{"lessThanOrEqual":"11.36.59","status":"affected","version":"11.36.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured."}],"metrics":[{"cvssV4_0":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","baseSeverity":"MEDIUM","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-257","description":"CWE-257: Storing Passwords in a Recoverable Format","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"050066fd-a2f9-4f32-ab5d-4c53f48bc333","shortName":"Commvault","dateUpdated":"2025-09-10T15:54:49.968Z"},"references":[{"url":"https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html"}],"title":"Vulnerability in Initial Administrator Login Process","credits":[{"lang":"en","value":"Sonny and Piotr Bazydlo (@chudyPB) of watchTowr"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-57789","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-08-21T03:55:09.971466Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:48:25.835Z"}}]},"dataVersion":"5.2"}