CVE-2025-58379


📋 TL;DR

This vulnerability in Brocade Fabric OS allows local authenticated users with lower privileges to view command line passwords and access sensitive information that should be restricted to higher-privileged accounts. It affects Brocade SAN switches running vulnerable Fabric OS versions. Attackers must already have authenticated access to the system.

💻 Affected Systems

Products:
  • Brocade SAN switches with Fabric OS
Versions: All versions before 9.2.1
Operating Systems: Fabric OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Brocade SAN switches running vulnerable Fabric OS versions. Requires local authenticated access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with low-privilege access could escalate privileges to administrative level, gain full control of SAN switches, potentially disrupt storage networks, access sensitive data, or pivot to other systems.

🟠 Likely Case

Malicious insiders or compromised low-privilege accounts could view administrative passwords, potentially leading to privilege escalation and unauthorized access to sensitive SAN configuration and data.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to authorized users who might accidentally or intentionally view passwords they shouldn't see.

🌐 Internet-Facing: LOW - This requires local authenticated access, making internet-facing exploitation unlikely unless management interfaces are exposed.
🏢 Internal Only: HIGH - This poses significant risk in internal environments where attackers could gain initial access through phishing, compromised accounts, or insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but appears to be simple command execution. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.1 or later

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36850

Restart Required: Yes

Instructions:

1. Download Fabric OS 9.2.1 or later from the Broadcom support portal.
2. Back up the current configuration.
3. Upload and install the new firmware using the 'firmwareDownload' command.
4. Reboot the switch.
5. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict command access (scope: all)

Limit which users can execute commands that may expose passwords.

Configure role-based access control to restrict command execution.

Monitor command execution (scope: all)

Enable auditing of command execution to detect suspicious activity.

Enable syslog auditing: 'syslog -enable'
Configure audit policies: 'auditpolicy -enable all'

🧯 If You Can't Patch

  • Implement strict role-based access control to limit which users can execute sensitive commands
  • Enable comprehensive logging and monitoring of all command execution on affected switches

🔍 How to Verify

Check if Vulnerable:

Check Fabric OS version with 'version' command. If version is below 9.2.1, system is vulnerable.

Check Version:

version

Verify Fix Applied:

After patching, run 'version' command to confirm version is 9.2.1 or higher.
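The version check above can be automated when auditing many switches. The following Python helper is an added example, not part of this advisory page or of Brocade's tooling; it assumes that the output of the 'version' command contains a line beginning with "Fabric OS:" followed by a version such as "v9.1.1c" (the sample output is constructed for this example, and the exact layout is an assumption). It compares only the numeric part against 9.2.1, so a letter-suffixed build of the fixed release (for example 9.2.1a) is treated as patched, and it prefers the "Fabric OS:" line so that other version-like strings in the output (such as a kernel version) are not mistaken for the firmware version.

```python
import re

# Constructed sample of `version` output (layout assumed, not taken from the advisory).
SAMPLE_VERSION_OUTPUT = """Kernel:     2.6.14.2
Fabric OS:  v9.1.1c
Made on:    Tue Jan 1 00:00:00 2024
Flash:      Tue Jan 2 00:00:00 2024
BootProm:   1.0.11
"""

# First fixed release named in the advisory summary.
FIXED_VERSION = (9, 2, 1)

# Prefer the explicit "Fabric OS:" line; fall back to any bare x.y.z[letter] token.
_FOS_LINE = re.compile(r'^Fabric OS:\s*v?(\d+)\.(\d+)\.(\d+)([a-z]?)', re.MULTILINE)
_BARE = re.compile(r'\bv?(\d+)\.(\d+)\.(\d+)([a-z]?)\b')


def parse_fos_version(text):
    """Return (major, minor, patch, suffix) parsed from `version` output or a bare string."""
    m = _FOS_LINE.search(text) or _BARE.search(text)
    if m is None:
        raise ValueError("no Fabric OS version found in input")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def is_vulnerable(text):
    """True when the numeric version is below the first fixed release (9.2.1)."""
    major, minor, patch, _suffix = parse_fos_version(text)
    return (major, minor, patch) < FIXED_VERSION


if __name__ == "__main__":
    ver = parse_fos_version(SAMPLE_VERSION_OUTPUT)
    status = "VULNERABLE" if is_vulnerable(SAMPLE_VERSION_OUTPUT) else "patched"
    print(f"Fabric OS {ver[0]}.{ver[1]}.{ver[2]}{ver[3]}: {status}")
```

To use it against real switches, feed the captured output of the 'version' command to is_vulnerable(); any ValueError means the output did not contain a recognizable version and should be checked by hand rather than assumed patched.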

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution by low-privilege users
  • Multiple failed privilege escalation attempts
  • Commands that may expose password information

Network Indicators:

  • Unusual management traffic patterns
  • Unexpected configuration changes

SIEM Query:

source="brocade_switch" AND event_type="command_execution" AND user_role="low_privilege" AND (command="*password*" OR command="*sensitive*")

The parentheses around the two command patterns are required: without them the trailing OR binds loosely, so the query would match every event whose command contains "sensitive" regardless of source, event type or user role.
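The same rule, applied offline to exported audit records, as an added example that is not part of this advisory page or of any Brocade tooling. The log format is constructed for this example (assumed columns: time, user, role, command; real Fabric OS audit messages are laid out differently), the set of low-privilege role names is an assumption, and the command strings are sample values chosen only to exercise the match patterns. The filter keeps the corrected precedence (low-privilege role AND (password OR sensitive)), and a second function surfaces users who trip the rule repeatedly, which corresponds to the "multiple attempts" indicator listed above.

```python
import csv
import io
import re
from collections import Counter

# Constructed audit records (not real Fabric OS output).
# Assumed columns: time,user,role,command
SAMPLE_AUDIT_LOG = """\
2025-09-01T10:00:01Z,alice,admin,passwordcfg --showall
2025-09-01T10:00:05Z,bob,user,version
2025-09-01T10:00:09Z,bob,user,passwordcfg --showall
2025-09-01T10:00:12Z,carol,operator,configdownload sensitive
2025-09-01T10:00:15Z,bob,user,password --help
"""

FIELDS = ["time", "user", "role", "command"]

# Assumed role names that map to the SIEM query's user_role="low_privilege".
LOW_PRIVILEGE_ROLES = {"user", "operator"}

# Equivalent of command="*password*" OR command="*sensitive*".
SENSITIVE_COMMAND = re.compile(r"password|sensitive", re.IGNORECASE)


def flag_suspicious(log_text):
    """Return records where a low-privilege role ran a password- or sensitive-related command.

    Precedence is explicit: role check AND (password OR sensitive), so an admin running the
    same command, or a low-privilege user running an unrelated command, is not flagged.
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        if row["role"] in LOW_PRIVILEGE_ROLES and SENSITIVE_COMMAND.search(row["command"] or ""):
            flagged.append(row)
    return flagged


def repeat_offenders(flagged, threshold=2):
    """Users with at least `threshold` flagged records (the 'multiple attempts' indicator)."""
    counts = Counter(r["user"] for r in flagged)
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = flag_suspicious(SAMPLE_AUDIT_LOG)
    for r in hits:
        print(f"{r['time']} {r['user']} ({r['role']}): {r['command']}")
    print("repeat offenders:", repeat_offenders(hits))
```

Note that alice's first record is not flagged even though the command matches the pattern, because her role is administrative; that is exactly the case the unparenthesized query would have reported as a false positive.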
