Cyber Resilience

CVE-2025-69269

HighRCE

Published: 12 January 2026

Published
12 January 2026
Modified
14 January 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0079 51.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-69269 is a high-severity OS Command Injection (CWE-78) vulnerability in Broadcom Dx Netops Spectrum. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-69269 is an improper neutralization of special elements used in an OS command, classified as an OS Command Injection vulnerability (CWE-78), affecting Broadcom DX NetOps Spectrum versions 23.3.6 and earlier on both Windows and Linux platforms. Published on 2026-01-12, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as a critical issue due to its potential for severe impact.

The vulnerability enables exploitation over the network with low complexity, requiring no privileges, authentication, or user interaction. Attackers can remotely inject and execute arbitrary operating system commands on the affected system, potentially leading to complete compromise with high impacts on confidentiality, integrity, and availability.

Mitigation guidance and patch information are detailed in the Broadcom security advisory available at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS Command Injection in a network-accessible service enables exploitation of public-facing applications (T1190) to execute arbitrary OS commands via command interpreters (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-69273Same product: Broadcom Dx Netops Spectrum
CVE-2025-69270Same product: Broadcom Dx Netops Spectrum
CVE-2025-69274Same product: Broadcom Dx Netops Spectrum
CVE-2025-23316Same product: Linux Linux Kernel
CVE-2025-69272Same product: Broadcom Dx Netops Spectrum
CVE-2025-69271Same product: Broadcom Dx Netops Spectrum
CVE-2025-69276Same product: Broadcom Dx Netops Spectrum
CVE-2025-9588Same product: Linux Linux Kernel
CVE-2024-41783Same product: Linux Linux Kernel
CVE-2025-23317Same product: Linux Linux Kernel

Affected Assets

broadcom
dx netops spectrum
≤ 23.3.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly mitigates OS command injection (CWE-78) by requiring validation and neutralization of special elements in inputs before they are used in OS commands.

prevent

SI-2 requires timely remediation of known flaws, directly addressing CVE-2025-69269 through patching as specified in the Broadcom advisory.

prevent

RA-5 ensures vulnerabilities like CVE-2025-69269 are identified via scanning and remediated based on risk, preventing exploitation.

References