CVE-2025-1976
published 2025-04-24


Priority: P1 79 · Severity: medium, 6.7 (CVSS 3.1)
Vector: AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
CISA KEV: listed, remediation due 2025-05-19
Exploited in the wild: yes
EPSS: 0.74% (49.8th percentile)
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

Affected (8 ranges)

Vendor    | Product                                     | Version range        | Fixed in
broadcom  | fabric_operating_system                     | >= 9.1.0 < 9.1.1d7   | 9.1.1d7
brocade   | fabric_os                                   |                      |
msrc      | cbl2_kernel_5.15.70.1-1_on_cbl_mariner_2.0  |                      |
msrc      | cbl_mariner_1.0_arm                         |                      |
msrc      | cbl_mariner_1.0_x64                         |                      |
msrc      | cbl_mariner_2.0_arm                         |                      |
msrc      | cbl_mariner_2.0_x64                         |                      |
msrc      | cm1_kernel_5.10.144.1-1_on_cbl_mariner_1.0  |                      |

Detection & IOCs (extracted from sources)

  • CVE-2025-1976 is confirmed exploited in the wild against Brocade Fabric OS versions 9.1.0 through 9.1.1d6; treat any admin-level activity on these versions as high-risk and prioritize alerting on it.
  • CISA classifies CVE-2025-1976 as a code injection vulnerability that lets a local admin-role account escalate to full root on affected Brocade Fibre Channel switches managing SANs; audit all admin-role accounts on affected devices.
  • Only Fabric OS versions 9.1.0 through 9.1.1d6 are affected; version 9.1.1d7 contains the fix and the 9.2.0 branch is not impacted, so scope detection rules and vulnerability queries to that range.
  • Exploitation requires a pre-existing valid local account with admin-role privileges; this is not a remote unauthenticated vector, so detection should focus on privileged insider or compromised admin credential scenarios.
  • Broadcom's advisory (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602) is the authoritative vendor source for patch and mitigation details; the CISA remediation deadline is 2025-05-19.
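The two scoping bullets above (affected range 9.1.0 through 9.1.1d6, fixed in 9.1.1d7, 9.2.0 not impacted; audit admin-role accounts) are easy to get wrong in practice because Fabric OS version strings carry a letter sub-release and a numeric sub-patch, so a plain string or float comparison will misorder 9.1.1d6 against 9.1.1d7 or 9.1.1. The following is an added example, not code from this page, Broadcom or CISA. It assumes a version grammar of major.minor.patch with an optional letter and number suffix, ordered "9.1.1" < "9.1.1a" < "9.1.1d6" < "9.1.1d7" < "9.2.0"; the inventory records, switch names and account names are constructed for illustration.

```python
"""Scope CVE-2025-1976 exposure across a SAN switch inventory.

Assumed (not from the advisory) Fabric OS version grammar:
    <major>.<minor>.<patch>[<letter>[<number>]]   e.g. 9.1.0, 9.1.1d6
ordered as "9.1.1" < "9.1.1a" < "9.1.1d6" < "9.1.1d7" < "9.2.0".
"""
import re
from typing import Dict, List, Tuple

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:([a-z])(\d*))?$")

# Range as stated in the record: affected >= 9.1.0 and < 9.1.1d7.
AFFECTED_FROM = "9.1.0"
FIXED_IN = "9.1.1d7"


def parse_version(v: str) -> Tuple[int, int, int, int, int]:
    """Turn a Fabric OS version string into a comparable tuple.

    A missing letter ranks below "a" (0) and a missing number below "1"
    (0), which is what gives the assumed ordering above.
    """
    m = VERSION_RE.match(v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {v!r}")
    major, minor, patch, letter, num = m.groups()
    letter_rank = (ord(letter) - ord("a") + 1) if letter else 0
    sub = int(num) if num else 0
    return (int(major), int(minor), int(patch), letter_rank, sub)


def is_affected(v: str) -> bool:
    """True when v falls inside [9.1.0, 9.1.1d7)."""
    key = parse_version(v)
    return parse_version(AFFECTED_FROM) <= key < parse_version(FIXED_IN)


# Constructed sample inventory (hypothetical hosts and accounts).
SAMPLE_INVENTORY: List[Dict] = [
    {"switch": "san-sw-01", "version": "9.1.1d6", "admin_accounts": ["admin", "backup-ops"]},
    {"switch": "san-sw-02", "version": "9.1.1d7", "admin_accounts": ["admin"]},
    {"switch": "san-sw-03", "version": "9.1.0", "admin_accounts": ["admin", "svc-mon", "jdoe"]},
    {"switch": "san-sw-04", "version": "9.2.0", "admin_accounts": ["admin"]},
    {"switch": "san-sw-05", "version": "8.2.3d", "admin_accounts": ["admin"]},
]


def triage(inventory: List[Dict]) -> List[Dict]:
    """Return one finding per switch: affected flag plus the admin-role
    accounts that need auditing while the device is still unpatched."""
    findings = []
    for rec in inventory:
        affected = is_affected(rec["version"])
        findings.append({
            "switch": rec["switch"],
            "version": rec["version"],
            "affected": affected,
            "action": f"upgrade to {FIXED_IN}; audit admin accounts" if affected else "none",
            # Only affected switches carry admin accounts worth auditing here.
            "audit_accounts": sorted(rec["admin_accounts"]) if affected else [],
        })
    return findings


def affected_switches(inventory: List[Dict]) -> List[str]:
    """Names of switches inside the affected range, for ticketing."""
    return [f["switch"] for f in triage(inventory) if f["affected"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['switch']:10} {f['version']:8} affected={f['affected']!s:5} {f['action']}")
```

Run it against a real export of `switchshow`/`version` output by replacing SAMPLE_INVENTORY; the parser raises on anything outside the assumed grammar rather than silently treating it as unaffected, which is the safer failure mode for a scoping query.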

CVSS provenance

Source      | Version | Score | Severity | Vector
nvd         | v3.1    | 6.7   | MEDIUM   | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd         | v4.0    | 8.6   | HIGH     | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck   |         | 8.6   | HIGH     |
cisa        |         | 8.6   | HIGH     |
vendor_msrc |         | 7.8   | HIGH     |