
A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability, tracked as CVE-2025-1976, allows a local user with admin privileges to potentially execute arbitrary code with full root privileges.
The flaw lies in the IP address validation logic of Brocade Fabric OS. According to the advisory, “a local user, assigned one of the pre-defined admin roles or a user-defined role with admin-level privileges, can execute arbitrary code as if they had full root level access.”
The vulnerability is particularly severe because a user with admin access can then execute any existing Fabric OS command and even modify Fabric OS itself, including adding their own subroutines.
The advisory classifies this vulnerability as CRITICAL, with a CVSSv4 score of 8.6. Even though exploiting this vulnerability requires a user to already have valid access to an admin role, the advisory emphasizes that it “has been actively exploited in the field,” highlighting the urgency of addressing this issue.
The following Brocade Fabric OS versions are affected:
- Brocade Fabric OS versions 9.1.0 through 9.1.1d6
The solution to the CVE-2025-1976 vulnerability is to update to Brocade Fabric OS version 9.1.1d7, which contains a security update to address the flaw.
The advisory also notes that versions of Fabric OS prior to 9.1.0 allow the switch ADMIN role to directly access root. Brocade PSIRT strongly recommends that customers upgrade to a version of Fabric OS that has removed root access for enhanced security.
Users of affected Brocade Fabric OS versions should upgrade to version 9.1.1d7 as soon as possible to mitigate the risk of exploitation. It is also recommended to review user roles and permissions to adhere to the principle of least privilege.
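A practitioner responding to this advisory typically has a fleet of switches at mixed firmware levels and needs to sort them into "vulnerable", "not in the affected range" and "pre-9.1.0, where ADMIN still reaches root directly". The following is an added example, not code from Brocade or the advisory: it parses Fabric OS version strings and classifies an inventory against the ranges stated above. It assumes the version format `major.minor.patch[letter[number]]` (as in `9.1.0`, `9.1.1d6`, `9.1.1d7`) and that a trailing letter and number sort after a bare patch number; the inventory is constructed sample data.

```python
import re
from typing import Dict, NamedTuple

# Assumed version format: "<major>.<minor>.<patch>[<letter>[<number>]]",
# e.g. "9.1.0", "9.1.1d6", "9.1.1d7" (the forms quoted in the advisory).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")


class FosVersion(NamedTuple):
    """Comparable tuple form of a Fabric OS version string."""
    major: int
    minor: int
    patch: int
    letter: int  # 0 when no letter suffix, else 1..26 ('a' == 1), assumed ordering
    sub: int     # trailing number after the letter, 0 when absent


def parse_version(text: str) -> FosVersion:
    """Parse '9.1.1d6' -> FosVersion(9, 1, 1, 4, 6); reject anything else."""
    m = VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version string: {text!r}")
    major, minor, patch, letter, sub = m.groups()
    return FosVersion(
        int(major), int(minor), int(patch),
        (ord(letter) - ord("a") + 1) if letter else 0,
        int(sub) if sub else 0,
    )


# Ranges taken from the advisory text above.
FIRST_AFFECTED = parse_version("9.1.0")
LAST_AFFECTED = parse_version("9.1.1d6")
FIXED_IN = parse_version("9.1.1d7")


def assess(version_text: str) -> str:
    """Classify one switch's firmware against CVE-2025-1976."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        # Not in the CVE range, but the advisory notes ADMIN can reach root directly here.
        return "legacy-root-access"
    if v <= LAST_AFFECTED:
        return "vulnerable"
    return "not-affected"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map switch name -> classification for a whole inventory."""
    return {name: assess(ver) for name, ver in inventory.items()}


def needs_upgrade(inventory: Dict[str, str]) -> Dict[str, str]:
    """Switches that should move to the fixed release (or off the legacy branch)."""
    return {name: ver for name, ver in inventory.items()
            if assess(ver) != "not-affected"}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {
        "san-core-01": "9.1.1d6",
        "san-core-02": "9.1.1d7",
        "san-edge-07": "9.1.0",
        "san-legacy-03": "9.0.1b",
    }
    for name, verdict in triage(sample).items():
        print(f"{name:14s} {sample[name]:10s} {verdict}")
    print("upgrade targets:", sorted(needs_upgrade(sample)))
```

Because `FosVersion` is a `NamedTuple`, ordinary tuple comparison gives the version ordering, so `9.1.1d7` sorts after `9.1.1d6` and `9.1.1` (no suffix) sorts inside the affected range. Anything the regex does not recognise raises instead of silently classifying, which is the safer failure mode for an inventory check.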