【資安漏洞預警】Commvault 存在重大資安漏洞(CVE-2025-57790)
[Security Vulnerability Alert] Commvault has a major security vulnerability (CVE-2025-57790)

發布單位:圖資處數位服務組
日期範圍:2025/8/27 ~ 2026/2/27
 
發布單位:圖資處數位服務組
日期範圍:2025/8/27 ~ 2026/2/27
行政 行政公告
全體

轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202508-00000016

[內容說明]
備份與資料保護軟體廠商 CommVault,以企業級整合資料管理解決方案著稱,支援多平台、多環境的備份與還原,並提供高效的資料保護技術及雲端整合能力。近期發布重大資安漏洞公告(CVE-2025-57790,CVSS 3.x:8.8),此漏洞允許遠端攻擊者利用路徑遍歷執行未經授權的檔案系統存取,可能導致遠端程式碼執行。

[影響平台]
Commvault 11.32.0至11.32.101版本、 Commvault 11.36.0至11.36.59版本

[建議措施]
更新至 Commvault 11.32.102 (含)之後版本、Commvault 11.36.60 (含)之後版本

[參考資料]
1. https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html
2. https://nvd.nist.gov/vuln/detail/cve-2025-57790

Forwarded by Taiwan Computer Network Crisis and Coordination Center (TWCERTCC-200-202508-00000016)

[Description]
CommVault, a backup and data protection software vendor known for its enterprise-class integrated data management solutions, supports multi-platform and multi-environment backup and recovery, and provides efficient data protection technology and cloud integration capabilities. CommVault recently released a critical security vulnerability advisory (CVE-2025-57790, CVSS 3.x:8.8). This vulnerability allows a remote attacker to exploit path traversal to perform unauthorized file system access, potentially leading to remote code execution.

[Affected Platforms]
Commvault versions 11.32.0 to 11.32.101, Commvault versions 11.36.0 to 11.36.59

[Recommended Action]
Update to Commvault versions 11.32.102 or later, or Commvault 11.36.60 or later.

[References]
1. https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html
2. https://nvd.nist.gov/vuln/detail/cve-2025-57790


相關附件
system_update_alt參考資料1
system_update_alt參考資料2
【返回上頁】
Top↑