CVE-2025-69269

CRITICAL

Broadcom DX Netops Spectrum < 23.3.7 - OS Command Injection

Title source: rule

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.

References (1)

[Vendor Advisory] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756

Scores

CVSS v3 9.8

EPSS 0.0014

EPSS Percentile 33.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (1)

broadcom/dx_netops_spectrum < 23.3.7

Timeline

Published Jan 12, 2026

Tracked Since Feb 18, 2026