CVE-2025-57790
Published: 20 August 2025
Summary
CVE-2025-57790 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Commvault software. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 2.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-57790 is a path traversal vulnerability tracked as CWE-36 that permits unauthorized file system access and may lead to remote code execution. It affects Commvault software and received a CVSS 4.0 score of 8.7, reflecting a network attack vector, low attack complexity, and a low-privilege access requirement, with high impact to confidentiality, integrity, and availability.
Remote attackers holding limited privileges can exploit the flaw over the network to read or write arbitrary files and potentially achieve code execution on the target system.
The Commvault security advisory published at https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html addresses mitigation and available patches.
The associated EPSS score rose from a lower baseline to a peak of 0.5978 on 2026-01-13 before receding to its current value of 0.4609, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25256
Vulnerability details
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
- CWE(s): CWE-36 (Absolute Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
Path traversal in a remotely accessible Commvault component directly enables T1190 (Exploit Public-Facing Application) with subsequent high-impact file-system access and RCE potential.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents path traversal attacks by validating and sanitizing file path inputs to block unauthorized file system access.
- SI-2 (Flaw Remediation): ensures timely identification, reporting, and patching of the specific path traversal vulnerability as detailed in the Commvault advisory.
- Logical access control: enforces access controls that restrict low-privilege users from unauthorized file system access despite path traversal attempts.