CVE-2025-58382 PUBLISHED

Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a

Assigner: brocade
Reserved: 29.08.2025 Published: 03.02.2026 Updated: 03.02.2026

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using the “supportsave”, “seccertmgmt”, or “configupload” command.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Product Status

Vendor Brocade
Product Fabric OS
Versions Default: unaffected
  • Versions before 9.2.1c2 and 9.2.2 through 9.2.2a are affected

References

Problem Types

  • CWE-305: Authentication Bypass by Primary Weakness

Impacts

  • CAPEC-115 Authentication Bypass