CVE-2025-1976
Published: 24 April 2025
Summary
CVE-2025-1976 is a high-severity code injection (CWE-94) vulnerability in Brocade Fabric OS, a Broadcom product. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 24.4% of CVEs by EPSS exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations identified in this analysis are NIST SP 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Brocade Fabric OS versions 9.1.0 through 9.1.1d6 contain a vulnerability that lets a local user with admin privileges execute arbitrary code with full root privileges. Root access was removed from Fabric OS beginning with version 9.1.0, so this flaw effectively hands root back to any admin account; it is classified as improper control of code generation (CWE-94) and is associated with an OS command injection weakness.
An authenticated administrator can use the flaw to escape the admin role's intended restrictions and obtain unrestricted root-level code execution on an affected switch. The attacker needs an existing admin login on the device (local access); no interaction from any other user is required, and no further credentials beyond the admin account are needed.
Broadcom has published a security advisory listing the affected releases. The vulnerability's presence in CISA's KEV catalog means US federal agencies must remediate it by the catalog's due date under BOD 22-01, and any organization running an affected release should treat upgrading to a release outside the 9.1.0 through 9.1.1d6 range as urgent. Where an upgrade cannot happen immediately, the interim control follows from the preconditions: tightly limit who holds admin credentials on the switch and audit their use, since every exploitation path starts from an admin session.
The EPSS probability remains low and has barely moved between its recorded peak and its current value, so beyond the confirmed KEV listing there is no strong signal of widespread exploitation interest. A low EPSS probability is consistent with the top-quartile percentile noted above, because the large majority of CVEs score close to zero.
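As an added example (not from Broadcom's advisory, and not code belonging to this page's tooling), the following Python triages an inventory of Fabric OS version strings against the affected range stated above, 9.1.0 through 9.1.1d6 inclusive. It assumes Fabric OS's usual version scheme of major.minor.patch with an optional patch letter and sub-number, ordered 9.1.1 < 9.1.1a < 9.1.1d6 < 9.1.1d7 < 9.1.1e, and tolerates an optional leading "v". The inventory dictionary at the bottom is constructed sample data, and the function and variable names are this example's own.

```python
import re
from typing import Dict, NamedTuple

# Affected range taken from the advisory text: 9.1.0 through 9.1.1d6 inclusive.
AFFECTED_LOW = "9.1.0"
AFFECTED_HIGH = "9.1.1d6"

# Assumed Fabric OS version shape: [v]MAJOR.MINOR.PATCH[LETTER[SUBNUMBER]]
# e.g. 9.1.0, 9.1.1c, 9.1.1d6, v9.2.0a
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")


class FosVersion(NamedTuple):
    """Comparable form of a Fabric OS version (tuple ordering does the work)."""
    major: int
    minor: int
    patch: int
    letter: int  # 0 = no patch letter, 1 = 'a', 2 = 'b', ...
    sub: int     # trailing number after the letter, 0 if absent


def parse_fos_version(text: str) -> FosVersion:
    """Parse a version string; raises ValueError on anything unrecognised
    rather than silently treating it as unaffected."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version string: {text!r}")
    major, minor, patch, letter, sub = m.groups()
    return FosVersion(
        int(major),
        int(minor),
        int(patch),
        (ord(letter) - ord("a") + 1) if letter else 0,  # assumption: a < b < c < d ...
        int(sub) if sub else 0,                          # assumption: 9.1.1d < 9.1.1d1
    )


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    v = parse_fos_version(version)
    return parse_fos_version(AFFECTED_LOW) <= v <= parse_fos_version(AFFECTED_HIGH)


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map each switch name to whether its running release is affected.
    Unparseable versions are left for manual review by re-raising."""
    return {name: is_affected(ver) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical switch names and versions).
SAMPLE_INVENTORY = {
    "san-core-01": "v9.1.1d6",   # last affected release
    "san-core-02": "9.1.1d7",    # one sub-patch past the range
    "san-edge-01": "9.1.0",      # first affected release
    "san-edge-02": "9.0.1b",     # before root-access removal, outside the range
    "san-lab-01": "9.2.0a",      # later train, outside the range
}

if __name__ == "__main__":
    for name, hit in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{name:12} {'AFFECTED' if hit else 'ok'}")
```

Because the parser raises on unknown strings instead of returning False, a malformed entry in a real inventory export surfaces as an error rather than a false "ok".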
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-12147
Vulnerability details
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
- CWE(s): CWE-94 (Improper Control of Generation of Code, "Code Injection")
- KEV Date Added: 28 April 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Switches running Brocade Fabric OS 9.1.0 through 9.1.1d6
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely remediation of known exploitable flaws such as the code-injection defect in Fabric OS 9.1.0 through 9.1.1d6.
- SI-10 (Information Input Validation): mandates validation of all input to block the OS command injection and improper code-generation paths the CVE exploits.
- Privilege restriction: enforces the intended control that removes root access, preventing the admin-to-root escalation the vulnerability bypasses.