CVE-2025-1976

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1976	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

History

24 Oct 2025, 12:56

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1976 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1976 - US Government Resource

21 Oct 2025, 23:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1976 -

21 Oct 2025, 20:20

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1976', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:21

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1976 -

29 Apr 2025, 19:49

Type	Values Removed	Values Added
CPE		cpe:2.3:o:broadcom:fabric_operating_system::::::::
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602 - Vendor Advisory
First Time		Broadcom fabric Operating System Broadcom
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7
CWE		CWE-78

29 Apr 2025, 01:00

Type	Values Removed	Values Added
Summary		(es) Las versiones de Brocade Fabric OS que comienzan con 9.1.0 tienen acceso de root eliminado, sin embargo, un usuario local con privilegios de administrador puede potencialmente ejecutar código arbitrario con privilegios de root completos en las versiones de Fabric OS 9.1.0 a 9.1.1d6.

24 Apr 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-24 03:15

Updated : 2025-10-24 12:56

NVD link : CVE-2025-1976

Mitre link : CVE-2025-1976

CVE.ORG link : CVE-2025-1976

JSON object : View

Products Affected

broadcom

fabric_operating_system

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

6.7 /10