CVE-2025-58380 PUBLISHED

Directory transversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command

Assigner: brocade
Reserved: 29.08.2025 Published: 03.02.2026 Updated: 03.02.2026

A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 4.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	Brocade
Product	Fabric OS
Versions	Default: unaffected Version before 9.2.1 is affected

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36854

Problem Types

CWE-35: Path Traversal CWE

Impacts

CAPEC-126: Path Traversal