CVE-2025-57789

UNKNOWN 0.0

Vulnerability in Initial Administrator Login Process

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.

CWE	CWE-257
Vendor	commvault
Product	commcell
Published	Aug 20, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for commvault commcell

Be the first to know when new unknown vulnerabilities affecting commvault commcell are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Commvault / CommCell

11.32.0 ≤ 11.32.101 11.36.0 ≤ 11.36.59

References

NVD ↗ CVE.org ↗ EPSS Data ↗

documentation.commvault.com: https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html

Credits

Sonny and Piotr Bazydlo (@chudyPB) of watchTowr