CVE-2025-69272
Published: 12 January 2026
Summary
CVE-2025-69272 is a medium-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Broadcom Dx Netops Spectrum. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2025-69272 is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) in Broadcom DX NetOps Spectrum, affecting versions 21.2.1 and earlier on Windows and Linux platforms. The flaw enables sniffing attacks by transmitting sensitive information without encryption, earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). This indicates network-accessible exploitation with low complexity, no privileges or user interaction required, and high impact on confidentiality.
Attackers on the same network as the affected DX NetOps Spectrum instance can exploit this vulnerability remotely without authentication. By passively monitoring or sniffing network traffic, they can capture sensitive data transmitted in cleartext, potentially exposing configuration details, credentials, or other proprietary information managed by the software.
Broadcom has published a security advisory detailing the issue at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756, which security practitioners should consult for mitigation guidance, including available patches or workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1946
Vulnerability details
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Cleartext transmission of sensitive data (CWE-319) directly enables passive network sniffing (T1040) to capture credentials/configuration without encryption or authentication.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SC-8 directly enforces confidentiality protections for transmitted information, mitigating cleartext transmission vulnerable to sniffing attacks.
SI-2 requires timely remediation of identified flaws, including patching this CVE to eliminate the cleartext transmission vulnerability.
SC-13 implements cryptographic mechanisms to protect the confidentiality of sensitive information during transmission, countering sniffing of unencrypted data.