Cyber Posture

CVE-2025-69274

High

Published: 12 January 2026

Published
12 January 2026
Modified
14 January 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 19.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69274 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Broadcom Dx Netops Spectrum. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the CVE by requiring timely identification, reporting, and correction of the authorization bypass flaw through vendor-provided patches.

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access to system resources, preventing privilege escalation via user-controlled keys.

AC-6 Least Privilege partial match
prevent

Limits the scope and impact of privilege escalation by employing least privilege for low-privileged users required to exploit the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Authorization bypass (CWE-639) with network vector and low-priv requirement directly enables remote exploitation of a service (T1190) leading to privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.

Deeper analysisAI

CVE-2025-69274 is an Authorization Bypass Through User-Controlled Key vulnerability (CWE-639) in Broadcom DX NetOps Spectrum on Windows and Linux platforms. This flaw allows privilege escalation and affects DX NetOps Spectrum versions 24.3.10 and earlier. Published on 2026-01-12, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to network accessibility and significant impacts.

An attacker requires only low privileges to exploit this vulnerability remotely over the network, with low attack complexity and no user interaction needed. Successful exploitation enables privilege escalation, resulting in high impacts to confidentiality, integrity, and availability within the affected system.

Broadcom has published a security advisory with mitigation guidance at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756. Security practitioners should consult this resource for patching instructions and workarounds applicable to vulnerable deployments.

Details

CWE(s)
CWE-639

Affected Products

broadcom
dx netops spectrum
≤ 24.3.11

CVEs Like This One

CVE-2025-69273Same product: Broadcom Dx Netops Spectrum
CVE-2025-69276Same product: Broadcom Dx Netops Spectrum
CVE-2025-69270Same product: Broadcom Dx Netops Spectrum
CVE-2025-69269Same product: Broadcom Dx Netops Spectrum
CVE-2025-69272Same product: Broadcom Dx Netops Spectrum
CVE-2025-69271Same product: Broadcom Dx Netops Spectrum
CVE-2025-10226Same product: Linux Linux Kernel
CVE-2026-24178Same product: Linux Linux Kernel
CVE-2025-14974Same product: Linux Linux Kernel
CVE-2025-23318Same product: Linux Linux Kernel

References