CVE-2025-1976

moderate-risk

Published 2025-04-24

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

Do I need to act?

0.95% chance of exploitation

EPSS score — low exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Fabric Operating System

Affected Vendors

Broadcom

References (2)

Vendor Advisory https://support.broadcom.com/web/ecx/support-content-notification/-/external/con...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 10/34 · Low

Exposure 5/34 · Minimal