Commvault has issued updates to fix four security vulnerabilities that could allow remote code execution on vulnerable systems. Researchers uncovered these flaws, which threat actors can exploit through two different attack chains, emphasizing the importance of timely patching. #Commvault #RemoteCodeExecution #Vulnerabilities #WatchTowrLabs #CISA
Keypoints
- Four security gaps in Commvault versions before 11.36.60 have been addressed through software updates.
- The vulnerabilities include issues like default credential exploitation and path traversal, which can lead to remote code execution.
- Threat actors can combine specific vulnerabilities to craft exploit chains for remote attack scenarios.
- Only systems with unchanged default admin passwords are vulnerable to one of the attack chains.
- These disclosures follow a prior critical flaw reported by watchTowr Labs, which CISA has listed as actively exploited.
Read More: https://thehackernews.com/2025/08/pre-auth-exploit-chains-found-in.html