CVE-2025-1976

Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6

CVSS 8.6 HIGH · EPSS 0.7% · KEV · CWE-94
In short

An admin user on Brocade Fabric OS can run arbitrary code with root privileges, even though root access has been removed from these versions. A compromised or malicious admin account can therefore take complete control of the system.

Technical detail

A code injection vulnerability exists in Brocade Fabric OS 9.1.0–9.1.1d6 where admin-privileged local users can bypass root access restrictions and execute arbitrary code with full root privileges. The attack requires valid admin credentials and local system access, granting unrestricted control over the affected device.

Summary generated and translated by AI from the official description.
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Brocade · Fabric OS
