Critical Pre-Auth Vulnerabilities in Commvault Let Hackers Achieve RCE Without Logging In

Friday, 22 August

Friday, 22 August, 2025

Critical Pre-Auth Vulnerabilities in Commvault Let Hackers Achieve RCE Without Logging In

Security researchers have uncovered four serious pre-authentication exploit chains in Commvault versions earlier than 11.36.60 that enable remote code execution (RCE) without requiring credentials. These flaws include CVE-2025-57788—a login mechanism bypass—and CVE-2025-57789, which exploits default credentials during initial setup to grant admin privileges. Commvault has issued updates to fix these critical issues.

Read full story at The Hacker News

Tags:hackers security code execution

Categories

Critical Pre-Auth Vulnerabilities in Commvault Let Hackers Achieve RCE Without Logging In

Also Read

Russia Offers Morocco Advanced Cybersecurity Solutions for Energy Infrastructure

Warlock Ransomware Exploits SharePoint Flaws to Launch Sophisticated Enterprise Attacks

Oregon Man Charged for Operating One of World’s Most Powerful Botnets, ‘Rapper Bot’

Critical Pre-Auth Vulnerabilities in Commvault Let Hackers Achieve RCE Without Logging In

Cybersecurity Ranks Third-Biggest Risk for Manufacturers, AI Investments Surge

DaVita Ransomware Attack Exposes 2.7 Million Patients, Costs Hit $13.5M

Google Cloud Embeds AI at Core of Cybersecurity with Agentic SOCs & Auto Threat Response

Viral Alert Claims Meta AI Reads WhatsApp Chats—Fact Check Debunks It

New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

Subscribe To Our Newsletter.