Description
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CISA Known Exploited Vulnerability
Date added 2025-04-28 | Due date 2025-05-19
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Problem types
CWE-94 Improper Control of Generation of Code ('Code Injection')
Product status
Fabric OS versions 9.1.0 through 9.1.1d6
References
www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2025-1976
support.broadcom.com/...l/content/SecurityAdvisories/0/25602