{"id":2978,"date":"2025-04-29T11:45:15","date_gmt":"2025-04-29T11:45:15","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2978"},"modified":"2025-04-29T11:45:15","modified_gmt":"2025-04-29T11:45:15","slug":"brocade-fabric-os-flaw-could-allow-code-injection-attacks","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2978","title":{"rendered":"Brocade Fabric OS flaw could allow code injection attacks"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A high severity flaw affecting Broadcom\u2019s Brocade Fabric OS (FOS) has allowed attackers to run arbitrary code on affected environments with full root-level privileges.<\/p>\n<p>The flaw, tracked as CVE-2025-1976, is particularly dangerous as it can allow complete takeover of FOS devices, including Fibre switches and directors, which are core to Storage Area Networks (<a href=\"https:\/\/www.networkworld.com\/article\/965236\/what-is-a-san-and-how-does-it-differ-from-nas.html\">SAN<\/a>s), potentially enabling attackers to modify system files, configuration data, firmware, security mechanisms, and install persistent <a href=\"https:\/\/www.csoonline.com\/article\/565999\/what-is-malware-viruses-worms-trojans-and-beyond.html\">malware<\/a>.<\/p>\n<p>\u201cBrocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privilege on Fabric OS versions 9.1.0 through 9.1.1d6,\u201d reads a Broadcom <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1976\">description<\/a>.<\/p>\n<p>Broadcom has issued a fix through the Brocade FOS 9.1.1d7 update.<\/p>\n<h2 class=\"wp-block-heading\">CISA tags the flaw as actively exploited<\/h2>\n<p>CISA added CVE-2025-1976, along with two others, to its 
Known Exploited Vulnerabilities (KEV) Catalog. \u201cThese types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,\u201d it said in an <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/04\/28\/cisa-adds-three-known-exploited-vulnerabilities-catalog\">advisory<\/a>.<\/p>\n<p>The flaw, which received a severity rating of CVSS 8.6 out of 10, arises from improper input validation, Broadcom said in an <a href=\"https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/25602\">advisory<\/a>. \u201cThrough a flaw in IP Address validation, a local user, assigned one of the pre-defined admin roles or a user-defined role with admin-level privileges, can execute arbitrary code as if they had full root-level access.\u201d<\/p>\n<p>Attackers exploiting the flaw could run any existing FOS command or even alter the OS itself by injecting custom subroutines. While the exploit does require initial access to an admin-level account, the company confirmed the vulnerability has already been exploited in real-world attacks.<\/p>\n<p>Brocade FOS versions 9.2.0 and later, Brocade ASCG, and Brocade SANnav products are not impacted, as per the advisory. 
CISA recommended that Federal Civilian Executive Branch (FCEB) agencies promptly patch the vulnerability as per the <a href=\"https:\/\/www.csoonline.com\/article\/571567\/cisa-releases-directive-to-remediate-dangerous-vulnerabilities-across-civilian-agencies.html\">BOD 22-01<\/a> directive.<\/p>\n<h2 class=\"wp-block-heading\">Same KEV update included a Commvault flaw<\/h2>\n<p>CISA also added a high severity bug (CVSS 8.7\/10) affecting Commvault Web Server to its KEV Catalog, recommending patching under the same BOD directive.<\/p>\n<p>The flaw, tracked as CVE-2025-3928, is an unspecified vulnerability that can be exploited by a remote, authenticated attacker to execute webshells. All versions before 11.36.46, 11.32.89, 11.28.141, and 11.20.217 are affected and must be upgraded to the latest versions.<\/p>\n<p>\u201cExploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment,\u201d the company said in an <a href=\"https:\/\/documentation.commvault.com\/securityadvisories\/CV_2025_03_1.html\">advisory<\/a>. \u201cUnauthenticated access is not exploitable.\u201d The vulnerability affects and must be resolved on Commvault\u2019s CommServe, Web Servers, and Command Center, while client computers remain unaffected.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A high severity flaw affecting Broadcom\u2019s Brocade Fabric OS (FOS) has allowed attackers to run arbitrary code on affected environments with full root-level privileges. 
The flaw, tracked as CVE-2025-1976, is particularly dangerous as it can allow complete takeover of FOS devices, including Fibre switches and directors, which are core to Storage Area Networks (SANs), potentially [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2977,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2978","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2978"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2978"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2978\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2977"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}