Cyber Resilience

CVE-2025-58382

Severity: High
Published: 03 February 2026
Modified: 06 February 2026
KEV Added: not listed
Patch: available (Fabric OS 9.2.1c2)
CVSS v4 score: 8.5
CVSS v4 vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0060 (44.2nd percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2025-58382 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Broadcom Fabric Operating System. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 44.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-58382 is a vulnerability in the secure configuration of authentication and management services within Brocade Fabric OS versions prior to 9.2.1c2. It stems from improper handling that enables an authenticated, remote attacker possessing administrative credentials to execute arbitrary commands with root privileges. The issue is classified under CWE-305 (Incorrect Inheritance of Permissions) and carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

An attacker requires valid administrative credentials and remote network access to the affected Fabric OS management interface to exploit this flaw. By leveraging specific commands such as "supportsave", "seccertmgmt", or "configupload", the attacker can escalate privileges and run arbitrary code as root, potentially leading to full system compromise, data exfiltration, or persistent access within the storage fabric environment.

Broadcom has published a security advisory addressing this vulnerability, available at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849, which details the issue and recommends upgrading to Fabric OS 9.2.1c2 or later to mitigate the risk.


Vulnerability details

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using the “supportsave”, “seccertmgmt”, or “configupload” commands.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1059.004 Unix Shell (tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

The vulnerability directly enables an authenticated administrator to escalate to root via arbitrary command execution on the Unix-like Fabric OS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-58383 · Same product: Broadcom Fabric Operating System
CVE-2025-9711 · Same product: Broadcom Fabric Operating System
CVE-2026-0383 · Same product: Broadcom Fabric Operating System
CVE-2024-5462 · Same product: Broadcom Fabric Operating System
CVE-2026-0869 · Same vendor: Broadcom
CVE-2024-5461 · Same product: Broadcom Fabric Operating System
CVE-2024-1509 · Same vendor: Broadcom
CVE-2025-12774 · Same vendor: Broadcom
CVE-2024-2240 · Same vendor: Broadcom
CVE-2024-4282 · Same vendor: Broadcom

Affected Assets

Vendor: broadcom
Product: fabric operating system
Versions: ≤ 9.2.1c2 · 9.2.2 — 9.2.2b

Mitigating Controls (NIST 800-53 r5)

prevent: Directly counters the CWE-305 permission inheritance flaw by ensuring administrative accounts cannot inherit or exercise root-level execution rights via supportsave, seccertmgmt or configupload.

prevent: Requires prompt application of the vendor patch (Fabric OS 9.2.1c2) that corrects the flawed command handling before an authenticated attacker can escalate to root.

prevent: Enforces approved authorizations on the management interface so that even valid admin credentials cannot invoke the listed commands with unintended root privileges.
