CVE-2025-1976

unknown KEV

Published 2025-04-28 · Modified 2025-04-28

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges.

CISA KEV

Vendor: Broadcom
Product: Brocade Fabric OS
Due date: 2025-05-19

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602 ; https://nvd.nist.gov/vuln/detail/CVE-2025-1976

Exploits

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602 ; https://nvd.nist.gov/vuln/detail/CVE-2025-1976

Verify integrity in audit chain (admin only). AS-IS.