DOM-Based XSS Vulnerability in Broadcom's DX NetOps Spectrum for Windows and Linux
CVE-2025-69275

7.1HIGH

Key Information:

Vendor: Broadcom
Status: Dx Netops Spectrum
Vendor: CVE Published:; 12 January 2026

What is CVE-2025-69275?

A vulnerability exists in Broadcom DX NetOps Spectrum on both Windows and Linux platforms, stemming from a reliance on a vulnerable third-party component. This flaw allows for DOM-Based Cross-Site Scripting (XSS), which could potentially be exploited to inject malicious scripts into web pages viewed by users. Affected versions include DX NetOps Spectrum 24.3.9 and earlier, making it crucial for organizations using these versions to apply protective measures.

Affected Version(s)

DX NetOps Spectrum Windows 24.3.9 and earlier

DX NetOps Spectrum Windows 24.3.10 and later

References

https://support.broadcom.com/web/ecx/support-content-noti...

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 12, 2026
Vulnerability Reserved
Dec 31, 2025

Credit

Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre

JSON