Improper ACL Handling in DX Unified Infrastructure Management by Broadcom
CVE-2025-10847
8.4 HIGH
Key Information:
- Vendor: Broadcom
- CVE Published: 1 October 2025
What is CVE-2025-10847?
DX Unified Infrastructure Management (formerly known as Nimsoft/UIM) contains a vulnerability related to improper handling of Access Control Lists (ACLs) within its robot (controller) component. A remote attacker could use this flaw to execute arbitrary commands and to read data from or write data to the affected system without appropriate authorization, compromising system integrity and data confidentiality.
Affected Version(s)
Unified Infrastructure Management 23.4.5
CVSS V4
Score: 8.4
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Australian Signals Directorate (Cyber.gov.au)