Code Execution Vulnerability in Brocade Fabric OS by Broadcom
CVE-2025-1976
What is CVE-2025-1976?
CVE-2025-1976 is a critical vulnerability found in the Brocade Fabric OS, a network operating system designed for managing and optimizing storage and data traffic within data center environments. This vulnerability allows a local user with administrative privileges to execute arbitrary code with full root access on affected versions of Fabric OS, specifically from 9.1.0 to 9.1.1d6. The ability to execute such code can grant unauthorized control over network infrastructure, which can lead to severe disruptions and security breaches within an organization.
Technical Details
Brocade Fabric OS versions starting from 9.1.0 have a configuration that removes root access under normal operating conditions. However, the vulnerability remains due to flaws in privilege management, allowing an authorized admin user to leverage their access to execute arbitrary code with elevated privileges. This could potentially lead to severe security incidents, especially in organizations that rely heavily on Brocade's technology for critical network operations.
Potential impact of CVE-2025-1976
- Unauthorized System Control: Attackers could gain control over critical network systems, allowing them to manipulate data traffic and system operations, potentially leading to denial-of-service conditions or unauthorized data access.
- Data Breaches: The execution of arbitrary code could expose sensitive organizational data, leading to data theft or loss of confidentiality, which can have significant legal and financial repercussions.
- Increased Attack Surface: As this vulnerability can be exploited by any local user with administrative rights, it increases the risk of insider threats or unintentional misuse of privileges, heightening the overall risk profile for organizations that utilize Fabric OS.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Fabric OS versions 9.1.0 through 9.1.1d6
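As an added example (not from this page, Broadcom, or Brocade), the check below classifies inventoried Fabric OS version strings against the affected range stated above. It assumes Fabric OS versions take the form major.minor.patch with an optional letter suffix and an optional trailing number (e.g. 9.1.1, 9.1.1d, 9.1.1d6), and that a letter suffix sorts after the bare patch release and a trailing number after the bare letter; the inventory is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Version grammar assumed here (not stated on the page): MAJOR.MINOR.PATCH,
# optionally followed by a single letter and, only after a letter, a number.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:([a-z])(\d+)?)?$")


def parse_fos_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn '9.1.1d6' into a sortable tuple (9, 1, 1, 4, 6).

    Letter rank: no letter -> 0, 'a' -> 1, 'b' -> 2, ... so '9.1.1' < '9.1.1a'.
    Sub-number: absent -> 0, so '9.1.1d' < '9.1.1d1' (assumption, see lead-in).
    """
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {version!r}")
    major, minor, patch, letter, sub = m.groups()
    letter_rank = (ord(letter) - ord("a") + 1) if letter else 0
    sub_rank = int(sub) if sub else 0
    return (int(major), int(minor), int(patch), letter_rank, sub_rank)


# Affected range as stated on the page: 9.1.0 through 9.1.1d6 (inclusive).
AFFECTED_LOW = parse_fos_version("9.1.0")
AFFECTED_HIGH = parse_fos_version("9.1.1d6")


def is_affected(version: str) -> bool:
    """True if the version lies inside the published affected range."""
    return AFFECTED_LOW <= parse_fos_version(version) <= AFFECTED_HIGH


def triage(inventory: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split an inventory {switch_name: version} into (affected, needs_review).

    Versions that do not parse go to needs_review rather than being silently
    treated as safe, so an odd string in the inventory is not missed.
    """
    affected, needs_review = [], []
    for name, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                affected.append(name)
        except ValueError:
            needs_review.append(name)
    return affected, needs_review


# Constructed sample inventory; names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "san-sw-01": "9.1.1d6",   # last version in the affected range
    "san-sw-02": "9.1.1b",    # inside the range
    "san-sw-03": "9.0.1e",    # below the range
    "san-sw-04": "9.2.0",     # above the range
    "san-sw-05": "unknown",   # unparseable -> flagged for review
}
```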
News Articles

CISA Adds Broadcom Brocade Fabric OS Vulnerability to Known Exploited Vulnerabilities Catalog
CISA officially added a significant security flaw affecting Broadcom's Brocade Fabric OS to its authoritative Known Exploited Vulnerabilities (KEV) Catalog, underscoring the urgent need for remediation across enterprise and government environments.
CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CISA Adds Broadcom Brocade Fabric OS Flaw to Known Exploited Vulnerabilities List
CISA has issued an urgent security advisory after adding a critical Broadcom Brocade Fabric OS vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
Timeline
- 📈 Vulnerability started trending
- 📰 First article discovered by CSO Online
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- Vulnerability reserved