CVE-2025-69269 — OS Command Injection in DX Netops Spectrum

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 63.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom DX Netops Spectrum

Timeline

PublishedJan 12

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

Affected Packages2 packages

▶NVDbroadcom/dx_netops_spectrum< 23.3.7

▶CVEListV5broadcom/dx_netops_spectrum23.3.6 and earlier

🔴Vulnerability Details

GHSA

GHSA-7v62-cqvq-27h8: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Li↗2026-01-12

▶

CVEList

Spectrum command injection in NCM service↗2026-01-12

▶