← voltar
CVE-2025-57788

Unauthorized API Access Risk

CVSS 6.9 MEDIUMEPSS 2.7%CWE-259
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Commvault · CommCell

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://documentation.commvault.com/securityadvisories/CV_2025_08_3.htmlhttps://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/#wt-2025-0047hardcoded-credentials