{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-58382", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2025-08-29T21:03:16.425Z", "datePublished": "2026-02-03T01:39:55.349Z", "dateUpdated": "2026-02-04T04:55:47.119Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fabric OS", "vendor": "Brocade", "versions": [{"status": "affected", "version": "before 9.2.1c2 and 9.2.2 through 9.2.2a"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using \u201csupportsave\u201d, \n\u201cseccertmgmt\u201d, \u201cconfigupload\u201d command."}], "value": "A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using \u201csupportsave\u201d, \n\u201cseccertmgmt\u201d, \u201cconfigupload\u201d command."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2026-02-03T02:02:25.413Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849"}], "source": {"discovery": "UNKNOWN"}, "title": "Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-58382"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T04:55:47.119Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-03T15:29:31.522871Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:29:37.536Z"}}], "cna": {"title": "Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brocade", "product": "Fabric OS", "versions": [{"status": "affected", "version": "before 9.2.1c2 and 9.2.2 through 9.2.2a"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using \u201csupportsave\u201d, \n\u201cseccertmgmt\u201d, \u201cconfigupload\u201d command.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using \u201csupportsave\u201d, \n\u201cseccertmgmt\u201d, \u201cconfigupload\u201d command.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2026-02-03T02:02:25.413Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58382", "state": "PUBLISHED", "dateUpdated": "2026-02-04T04:55:47.119Z", "dateReserved": "2025-08-29T21:03:16.425Z", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "datePublished": "2026-02-03T01:39:55.349Z", "assignerShortName": "brocade"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BF33AB1-6140-4551-B845-D2C371194733", "versionEndExcluding": "9.2.1c2", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "09017732-F244-40E7-A4F5-DF63D9C2B3C1", "versionEndExcluding": "9.2.2b", "versionStartIncluding": "9.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using \u201csupportsave\u201d, \n\u201cseccertmgmt\u201d, \u201cconfigupload\u201d command."}], "id": "CVE-2025-58382", "lastModified": "2026-02-06T20:17:35.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "sirt@brocade.com", "type": "Secondary"}]}, "published": "2026-02-03T02:16:07.113", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "sirt@brocade.com", "type": "Secondary"}]}

{}