Particle.news

Commvault Patches Four Flaws That Enable Pre‑Auth RCE Chains in On‑Prem Backup Suite

On‑prem customers face elevated exploitation risk following a detailed disclosure, prompting urgent updates.

Overview

  • Four CVEs found by watchTowr can be chained into two unauthenticated RCE paths, with one chain working against any unpatched instance.
  • Commvault’s fixes update mainline versions 11.32.0–11.32.101 and 11.36.0–11.36.59 to 11.32.102 and 11.36.60 on Linux and Windows.
  • Researchers describe an argument‑injection token bypass (CVE-2025-57791) chained with a path traversal that allows writing a webshell (CVE-2025-57790) as the broadly applicable chain.
  • The second chain relies on an info leak (CVE-2025-57788) and decryption of a built‑in admin password via a hard‑coded key (CVE-2025-57789), which requires specific installation‑era conditions.
  • Commvault says its SaaS offering is not affected, and admins are urged to patch promptly, reduce exposure, and monitor for unusual API activity and unexpected files in web directories.
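The version ranges above are the actionable part for a fleet owner. As an added example (not code from Commvault, watchTowr or this article), the script below flags inventory entries whose CommServe version falls inside the affected ranges stated here; hostnames and versions in the inventory are constructed, and a version outside both listed mainlines is reported as "outside-advisory-ranges" rather than as safe, because this summary only covers two mainlines.

```python
"""Triage Commvault instances against the affected ranges given in the advisory summary.

Added example; the ranges are the ones the summary states, the inventory is constructed.
"""
from typing import Dict, List, Tuple

# (inclusive low, inclusive high, first fixed build) per mainline, as stated in the summary.
AFFECTED_RANGES = (
    ((11, 32, 0), (11, 32, 101), (11, 32, 102)),
    ((11, 36, 0), (11, 36, 59), (11, 36, 60)),
)

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '11.32.101' into (11, 32, 101); a two-part version gets a trailing 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) not in (2, 3):
        raise ValueError(f"unexpected version format: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def assess(version_text: str) -> str:
    """Return 'affected', 'fixed' or 'outside-advisory-ranges' for one version string.

    'outside-advisory-ranges' means this summary says nothing about that mainline;
    it must be checked against the vendor advisory, not treated as unaffected.
    """
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return "affected"
        if v[:2] == fixed[:2] and v >= fixed:
            return "fixed"
    return "outside-advisory-ranges"

# Constructed inventory: hostname -> version reported by the CommServe.
INVENTORY = {
    "cs-prod-01": "11.32.101",
    "cs-prod-02": "11.32.102",
    "cs-dr-01": "11.36.0",
    "cs-lab-01": "11.36.60",
    "cs-legacy": "11.28.40",
}

def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by assessment so affected ones can be patched first."""
    out: Dict[str, List[str]] = {"affected": [], "fixed": [], "outside-advisory-ranges": []}
    for host, ver in sorted(inventory.items()):
        out[assess(ver)].append(host)
    return out

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```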