Cyber Resilience

CVE-2025-69272

Medium

Published: 12 January 2026

Published
12 January 2026
Modified
14 January 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 5.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69272 is a medium-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Broadcom Dx Netops Spectrum. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-69272 is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) in Broadcom DX NetOps Spectrum, affecting versions 21.2.1 and earlier on Windows and Linux platforms. The flaw enables sniffing attacks by transmitting sensitive information without encryption, earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). This indicates network-accessible exploitation with low complexity, no privileges or user interaction required, and high impact on confidentiality.

Attackers on the same network as the affected DX NetOps Spectrum instance can exploit this vulnerability remotely without authentication. By passively monitoring or sniffing network traffic, they can capture sensitive data transmitted in cleartext, potentially exposing configuration details, credentials, or other proprietary information managed by the software.

Broadcom has published a security advisory detailing the issue at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756, which security practitioners should consult for mitigation guidance, including available patches or workarounds.

EU & UK References

Vulnerability details

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

Cleartext transmission of sensitive data (CWE-319) directly enables passive network sniffing (T1040) to capture credentials/configuration without encryption or authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-69271Same product: Broadcom Dx Netops Spectrum
CVE-2025-69269Same product: Broadcom Dx Netops Spectrum
CVE-2025-69270Same product: Broadcom Dx Netops Spectrum
CVE-2025-69273Same product: Broadcom Dx Netops Spectrum
CVE-2025-69274Same product: Broadcom Dx Netops Spectrum
CVE-2025-69276Same product: Broadcom Dx Netops Spectrum
CVE-2026-30796Same product: Linux Linux Kernel
CVE-2026-30795Same product: Linux Linux Kernel
CVE-2025-13718Same product: Linux Linux Kernel
CVE-2026-23661Same vendor: Microsoft

Affected Assets

broadcom
dx netops spectrum
≤ 21.2.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-8 directly enforces confidentiality protections for transmitted information, mitigating cleartext transmission vulnerable to sniffing attacks.

prevent

SI-2 requires timely remediation of identified flaws, including patching this CVE to eliminate the cleartext transmission vulnerability.

prevent

SC-13 implements cryptographic mechanisms to protect the confidentiality of sensitive information during transmission, countering sniffing of unencrypted data.

References