6.9
CVE-2025-57791
- EPSS 20.72%
- Veröffentlicht 20.08.2025 03:22:12
- Zuletzt bearbeitet 10.09.2025 16:15:40
- Quelle 050066fd-a2f9-4f32-ab5d-4c53f4
- CVE-Watchlists
- Unerledigt
LoginArgument Injection Vulnerability in CommServe
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.72% | 0.972 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| 050066fd-a2f9-4f32-ab5d-4c53f48bc333 | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html