Forwarded by Taiwan Computer Network Crisis and Coordination Center (TWCERTCC-200-202508-00000016)

[Description]
CommVault, a backup and data protection software vendor known for its enterprise-class integrated data management solutions, supports multi-platform and multi-environment backup and recovery, and provides efficient data protection technology and cloud integration capabilities. CommVault recently released a critical security vulnerability advisory (CVE-2025-57790, CVSS 3.x:8.8). This vulnerability allows a remote attacker to exploit path traversal to perform unauthorized file system access, potentially leading to remote code execution.

[Affected Platforms]
Commvault versions 11.32.0 to 11.32.101, Commvault versions 11.36.0 to 11.36.59

[Recommended Action]
Update to Commvault versions 11.32.102 or later, or Commvault 11.36.60 or later.

[References]
1. https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html
2. https://nvd.nist.gov/vuln/detail/cve-2025-57790