CVE-2025-1976
MEDIUM KEV
Brocade Fabric OS <9.1.1d6 - Privilege Escalation
Title source: llm
Exploitation Summary
CVE-2025-1976 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 28, 2025.
Description
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
References (2)
Core References
Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1976
Scores
CVSS v3: 6.7
EPSS: 0.0075
EPSS Percentile: 73.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2025-04-28
VulnCheck KEV: 2025-04-17
ENISA EUVD: EUVD-2025-12147
CWE: CWE-78, CWE-94
Status: published
Products (1)
broadcom/fabric_operating_system: 9.1.0 - 9.1.1d7
Published: Apr 24, 2025
KEV Added: Apr 28, 2025
Tracked Since: Feb 18, 2026