What is CVE-2025-57788?

CVE-2025-57788 is a vulnerability in Commvault Commcell, classified under Use of Hard-coded Password. Published 2025-08-20.

Is CVE-2025-57788 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Commvault Commcell

CVE-2025-57788

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

EPSS: 0.807 (99.2th percentile) — read the EPSS interpretation.

Affected products

Commvault Commcell — versions 11.32.0, 11.36.0

Weakness classification (CWE)

CWE-259 — Use of Hard-coded Password

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores

References

documentation.commvault.com/securityadvisories/CV_2025_08_3.html

Frequently asked questions

What is CVE-2025-57788?: CVE-2025-57788 is a vulnerability in Commvault Commcell, classified under Use of Hard-coded Password. Published 2025-08-20.
Is CVE-2025-57788 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.