Rule Library

Sigma Rules

1 rule found for "CVE-2025-57790"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Commvault QOperation Path Traversal Webshell Drop (CVE-2025-57790)

Detects the use of qoperation.exe with the -file argument to write a JSP file to the webroot, indicating a webshell drop. This is a post-authentication step corresponding to CVE-2025-57790.

WindowsProcess Creation

Swachchhanda Shrawan Poudel (Nextron Systems)Mon Oct 202025