CommVault - Authentication Bypass (CVE-2025-57788)
16Exploiting IPs reported
An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.
CrowdSec analysis
CVE-2025-57788 is a critical authentication bypass vulnerability in the Commvault software, allowing unauthenticated attackers to execute API calls without requiring user credentials.
CrowdSec has been tracking this vulnerability and its exploits since 25th of August 2025.
Data from the CrowdSec community indicates that exploitation of CVE-2025-57788 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-57788 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-57788 is currently experiencing high visibility and active exploitation across the internet.
Attackers exploit the vulnerable API endpoints by sending crafted requests, enabling unauthorized access and potential data exfiltration. Probing for common API paths, especifically echo endpoints, can help identify vulnerable instances.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.