{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T15:30:33.620","vulnerabilities":[{"cve":{"id":"CVE-2025-57789","sourceIdentifier":"050066fd-a2f9-4f32-ab5d-4c53f48bc333","published":"2025-08-20T04:16:03.847","lastModified":"2025-09-10T16:15:40.353","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured."},{"lang":"es","value":"Se detectó un problema en Commvault antes de la versión 11.36.60. Durante el breve periodo entre la instalación y el primer inicio de sesión del administrador, atacantes remotos podrían explotar las credenciales predeterminadas para obtener el control administrativo. Esto se limita a la fase de configuración, antes de configurar cualquier tarea."}],"metrics":{"cvssMetricV40":[{"source":"050066fd-a2f9-4f32-ab5d-4c53f48bc333","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"050066fd-a2f9-4f32-ab5d-4c53f48bc333","type":"Secondary","description":[{"lang":"en","value":"CWE-257"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*","versionEndExcluding":"11.36.60","matchCriteriaId":"7ABD6584-4B5A-49F4-B2FD-B53B4ECAF0C5"}]}]}],"references":[{"url":"https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html","source":"050066fd-a2f9-4f32-ab5d-4c53f48bc333","tags":["Vendor Advisory"]}]}}]}