CVE-2025-1976 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Broadcom Brocade Fabric OS Code Injection Vulnerability

Exploit added

April 28, 2025

Action due

May 19, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602

Weakness Enumeration

CWE-ID	CWE Name
CWE-78	Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE-94	Improper Control of Generation of Code (‘Code Injection’)

Known Affected Software Configurations

cpe:2.3:o:broadcom:fabric_operating_system:9.1.1d1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.1.1d2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.1.1d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.0a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.0b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.0c1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.0c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.1a1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.1a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.1b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.2.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.3d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.1.1c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.1.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.3.1d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2h:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2e:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2h:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.3a1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.3a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.0.1a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:5.2.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.3:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.0.0:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.0.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:5.0.5b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:5.2.0a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1e:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2f:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2g:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.1a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.1b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2f:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.1a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2e:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2f:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2j:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2k:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.0a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1e:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.0.0a:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:9.0.0b:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:2.1.2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:2.2:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:3.1:::::::*
cpe:2.3:o:broadcom:fabric_operating_system:8.2.0:cbn3::::::
cpe:2.3:o:broadcom:fabric_operating_system:-:::::::*

Details

Source:
NVD

Published:
April 24, 2025

Updated:
April 29, 2025

Risk information

CVSS v3

Base score:
6.7

Severity:

MEDIUM

Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined