AI description
CVE-2025-1976 is a code injection vulnerability affecting Broadcom Brocade Fabric OS. It exists in versions 9.1.0 through 9.1.1d6. The vulnerability allows a local user with administrative privileges to execute arbitrary code with full root privileges due to a flaw in IP Address validation. This vulnerability is actively being exploited. To mitigate the risk, it is recommended to update to Brocade Fabric OS version 9.1.1d7, which contains a security update to address the flaw.
- Description
- Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
- Source
- sirt@brocade.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Broadcom Brocade Fabric OS Code Injection Vulnerability
- Exploit added on
- Apr 28, 2025
- Exploit action due
- May 19, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CISA KEV 警告 25/04/28:Active! Mail/Brocade Fabric OS/Commvault Web Server を登録 https://t.co/08po9BMvJ7 Active! Mail/Brocade Fabric OS/Commvault Web Server の脆弱性が、CISA KEV に登録されました。ご利用のチームは、十分にご注意くだ
@iototsecnews
12 May 2025
176 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 تحذير صادر عن وكالة الأمن السيبراني الأمريكية (CISA) تم إدراج ثغرتين بالغتي الخطورة ضمن قائمة الثغرات المعروفة التي يتم استغلالها فعليًا (KEV)، وهما الثغر
@hiddenlockT
1 May 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 تحذير صادر عن وكالة الأمن السيبراني الأمريكية (CISA) تم إدراج ثغرتين بالغتي الخطورة ضمن قائمة الثغرات المعروفة التي يتم استغلالها فعليًا (KEV)، وهما الثغر
@hiddenlockT
1 May 2025
157 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1976 : CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks https://t.co/fnG6xz0noQ
@freedomhack101
30 Apr 2025
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA has added CVE-2025-1976 in Broadcom and CVE-2025-3928 in Commvault to its Known Exploited list. Both allow code execution and are under active attack. Patching is critical to reduce risk. #CISA #Broadcom #Commvault #infosec #patchmanagement #vulnerabilitymanagement https://t
@CloneSystemsInc
30 Apr 2025
14 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CISA Flags Broadcom & Commvault Flaws CISA adds 2 exploited bugs to KEV list: CVE-2025-1976 in Broadcom (root access via code injection) & CVE-2025-3928 in Commvault (web shell deployment). Patches available—agencies must act by May. https://t.co/sQ5pLlcwqA #
@dCypherIO
29 Apr 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidad en Broadcom Brocade Fabric OS ❗CVE-2025-1976 ➡️Más info: https://t.co/hdOhpoiZfH https://t.co/H82eQL1VdB
@CERTpy
29 Apr 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) اثنين من الثغرات الأمنية العالية الخطورة في Brocade Fabric OS وCommvault Web Server إلى قاعدة بيانات الثغرات
@Cybercachear
29 Apr 2025
30 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CISA adds two actively exploited vulnerabilities to its KEV catalog: •Broadcom Brocade Fabric OS (CVE-2025-1976) •Commvault Web Server (CVE-2025-3928) Admins, patch ASAP to protect your systems! #CyberSecurity #CISA #VulnerabilityAlert https://t.co/vRIYqgNCda
@syberintel
29 Apr 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Alert: Critical VMware vCenter Server flaws — CVE-2025-1976, CVE-2025-3928 — added to Known Exploited Vulnerabilities (KEV) list. Patch immediately to protect your systems! 🔒 Details: https://t.co/7HfaQulJ5U #Cybersecurity #VMware
@_F2po_
29 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Alert: Two critical flaws — in Broadcom Fabric OS (CVE-2025-1976) and Commvault Web Server (CVE-2025-3928) — are now on the Known Exploited Vulnerabilities (KEV) list. 🔹 Both bugs are actively exploited. 🔹 Admin access can lead to full system compromise. 🔹
@TheHackersNews
29 Apr 2025
68619 Impressions
50 Retweets
113 Likes
21 Bookmarks
1 Reply
2 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-1976 #Broadcom Brocade Fabric OS Code Injection Vulnerability https://t.co/ydArbfy8iZ
@ScyScan
28 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Brocade Fabric OS, Commvault Web Server & Qualitia Active! mail vulnerabilities CVE-2025-1976, CVE-2025-3928 & CVE-2025-42599 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from c
@CISACyber
28 Apr 2025
7101 Impressions
35 Retweets
56 Likes
8 Bookmarks
2 Replies
1 Quote
🚨 Critical vulnerability in Brocade Fabric OS (CVE-2025-1976) allows admin users to gain root access via code injection. Patch now if you're using versions 9.1.0–9.1.1d6. Details ➡️ https://t.co/sSjPj4dGhD #infosec #CVE20251976 #cybersecurity
@threatsbank
25 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-1976 🔴 HIGH (8.6) 🏢 Brocade - Fabric OS 🏗️ Fabric OS versions 9.1.0 through 9.1.1d6 🔗 https://t.co/98D0ylMNzH #CyberCron #VulnAlert #InfoSec https://t.co/9zfs2KPbTi
@cybercronai
24 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1976: HIGH] Brocade Fabric OS 9.1.0+ removes root access but local admin users can still execute code with full root privileges on versions 9.1.0-9.1.1d6. #cybersecurity#cve,CVE-2025-1976,#cybersecurity https://t.co/hZm4AUykM8 https://t.co/Rkx6PQiq09
@CveFindCom
24 Apr 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Broadcom Brocade Fabric OS Code Injection Vulnerability Exploited In The wild 🚨 Vulnerability Details: CVE-2025-1976 (CVSS v3 8.6/10) Broadcom Brocade Fabric OS Code Injection Vulnerability Impact: A Successful exploit may allows a local user to escalate https://
@CyberxtronTech
23 Apr 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ABCC4B4-A839-4988-B850-1788C4EF97D5",
"versionEndExcluding": "9.1.1d7",
"versionStartIncluding": "9.1.0"
}
],
"operator": "OR"
}
]
}
]