【資安漏洞預警】Commvault 存在重大資安漏洞(CVE-2025-57790)

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】Commvault 存在重大資安漏洞(CVE-2025-57790) [Security Vulnerability Alert] Commvault has a major security vulnerability (CVE-2025-57790)
公告內容	轉發台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202508-00000016 [內容說明] 備份與資料保護軟體廠商 CommVault，以企業級整合資料管理解決方案著稱，支援多平台、多環境的備份與還原，並提供高效的資料保護技術及雲端整合能力。近期發布重大資安漏洞公告(CVE-2025-57790，CVSS 3.x：8.8)，此漏洞允許遠端攻擊者利用路徑遍歷執行未經授權的檔案系統存取，可能導致遠端程式碼執行。 [影響平台] Commvault 11.32.0至11.32.101版本、 Commvault 11.36.0至11.36.59版本 [建議措施] 更新至 Commvault 11.32.102 (含)之後版本、Commvault 11.36.60 (含)之後版本 [參考資料] 1. https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html 2. https://nvd.nist.gov/vuln/detail/cve-2025-57790 Forwarded by Taiwan Computer Network Crisis and Coordination Center (TWCERTCC-200-202508-00000016) [Description] CommVault, a backup and data protection software vendor known for its enterprise-class integrated data management solutions, supports multi-platform and multi-environment backup and recovery, and provides efficient data protection technology and cloud integration capabilities. CommVault recently released a critical security vulnerability advisory (CVE-2025-57790, CVSS 3.x:8.8). This vulnerability allows a remote attacker to exploit path traversal to perform unauthorized file system access, potentially leading to remote code execution. [Affected Platforms] Commvault versions 11.32.0 to 11.32.101, Commvault versions 11.36.0 to 11.36.59 [Recommended Action] Update to Commvault versions 11.32.102 or later, or Commvault 11.36.60 or later. [References] 1. https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html 2. https://nvd.nist.gov/vuln/detail/cve-2025-57790
相關訊息	參考資料1 參考資料2
公告時間	2025/8/27 至 2026/2/27	點閱次數	45