WatchTowr Labs | Breaking Cybersecurity News | The Hacker News

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 (CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials CVE-2025-57789 (CVSS score: 5.3) - A vulnerability during the setup phase between installation and the first administrator login that allows remote attackers to exploit the default credentials to gain admin control CVE-2025-57790 (CVSS score: 8.7) - A path traversal vulnerability that allows remote attackers to perform unauthorized file system access through a path traversal issue, resulting in remote code execution CVE-2025-57791 (CVSS score: 6.9) - A vulnerability that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 (CVSS score: 9.3) - An improper restriction of XML external entity (XXE) reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives CVE-2025-2776 (CVSS score: 9.3) - An improper restriction of XML external entity (XXE) reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives Both shortcomings were disclosed by watchTowr Labs researchers Sina Kheirkhah and Jake Knott back in May, alongside CVE-2025-2777 (CVSS score: 9.3), a pre-authenticated XXE within the /lshw endpoint. The three vulnerabilities were addressed by SysAid in the on-pre...

Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity ( XXE ) injections, which occur when an attacker is able to successfully interfere with an application's parsing of XML input. This, in turn, could permit attackers to inject unsafe XML entities into the web application, allowing them to carry out a Server-Side Request Forgery ( SSRF ) attack and in worst cases, remote code execution. A description of the three vulnerabilities, according to watchTowr Labs researchers Sina Kheirkhah and Jake Knott, is as follows - CVE-2025-2775 and CVE-2025-2776 - A pre-authenticated XXE within the /mdm/checkin endpoint CVE-2025-2777 - A pre-authenticated XXE within the /lshw endpoint watchTowr ...