CVE-2025-58380

N/A Unknown

📋 TL;DR

This vulnerability allows authenticated administrators on Brocade Fabric OS to use the 'grep' shell command for directory traversal, potentially accessing or modifying files outside intended directories. It affects Brocade Fabric OS versions before 9.2.1 where admin users have shell access.

💻 Affected Systems

Products:
  • Brocade Fabric OS
Versions: All versions before 9.2.1
Operating Systems: Fabric OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin user with shell access; not all admin users may have shell privileges depending on configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Admin privilege escalation leading to complete system compromise, configuration file modification, credential theft, or firmware corruption.

🟠 Likely Case

Unauthorized file access, configuration changes, or privilege abuse by malicious insiders or compromised admin accounts.

🟢 If Mitigated

Limited impact if proper access controls, monitoring, and least privilege principles are enforced.

🌐 Internet-Facing: LOW (requires authenticated admin access, typically not internet-facing)
🏢 Internal Only: MEDIUM (requires authenticated admin access but poses insider threat risk)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated admin access and knowledge of directory traversal techniques via grep command.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.1 or later

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36854

Restart Required: Yes

Instructions:

1. Download Fabric OS 9.2.1 or later from Broadcom support portal.
2. Backup current configuration.
3. Apply firmware update following vendor documentation.
4. Reboot the switch.
5. Verify successful upgrade.

🔧 Temporary Workarounds

Restrict shell access

Limit shell access to only necessary admin accounts

userconfig --modify <username> -a shellaccess false

Monitor grep usage

Implement logging and alerting for grep command usage by admin users

🧯 If You Can't Patch

  • Implement strict access controls and monitor all admin shell sessions
  • Apply network segmentation to limit switch management interface exposure

🔍 How to Verify

Check if Vulnerable:

Check Fabric OS version with 'version' command; if below 9.2.1, system is vulnerable

Check Version:

version

Verify Fix Applied:

Run 'version' command and confirm version is 9.2.1 or higher

📡 Detection & Monitoring

Log Indicators:

  • Admin user executing grep commands with path traversal patterns (../)
  • Unusual file access patterns from admin sessions

Network Indicators:

  • Unusual management traffic patterns to/from switch

SIEM Query:

source="fabric-os-logs" AND (command="grep" AND (path="*../*" OR path="*..\\*"))
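One way to apply the log indicator above more precisely than a `*../*` wildcard, as an added example that is not taken from the vendor advisory: it tokenizes each logged command line, isolates grep invocations (including inside pipelines), and flags only file operands that contain a `..` segment, so a `..` inside the search pattern does not alert. The `user=... cmd="..."` record shape, the function names and the sample records are assumptions constructed for illustration; adapt the record parser to your actual audit log format.

```python
import re
import shlex
from itertools import groupby
# Assumed record shape (constructed, not Fabric OS's own log format): <ts> user=<name> cmd="<command line>"
RECORD = re.compile(r'user=(?P<user>\S+).*?cmd="(?P<cmd>.*)"\s*$')
GREPS = {"grep", "egrep", "fgrep"}
TAKES_VALUE = set("efmABC")  # short grep options that consume a value
SAMPLE = r'''
T1 user=admin cmd="grep -r password ../../etc/"
T2 user=ops1 cmd="grep -E '\.\./|a..b' switch.log"
T3 user=admin cmd="cat errlog | /bin/grep -i -f ../../tmp/pats -- -x"
'''.splitlines()  # constructed records; T2 has '..' only in its pattern

def grep_file_operands(argv):
    """File operands of one grep call: -f/--file= values and positionals after the pattern."""
    files, have_pattern, opts_done, words = [], False, False, iter(argv[1:])
    for word in words:
        if opts_done or not word.startswith("-") or word == "-":
            files += [word] if have_pattern else []
            have_pattern = True  # the first positional is the pattern, not a path
        elif word == "--":
            opts_done = True
        elif word.startswith("--"):  # long options, --name=value form only
            name, _, value = word.partition("=")
            files += [value] if name == "--file" else []
            have_pattern |= name in ("--file", "--regexp")
        else:  # short cluster such as -ri, -rf FILE, -A2
            flag = next((c for c in word[1:] if c in TAKES_VALUE), None)
            if flag:
                value = word.split(flag, 1)[1] or next(words, "")
                files += [value] if flag == "f" else []
                have_pattern |= flag in "ef"
    return files

def find_traversal_grep(lines):
    """Return (user, operands containing a '..' segment) for each flagged grep call."""
    hits = []
    for m in filter(None, map(RECORD.search, lines)):
        lex = shlex.shlex(m["cmd"], posix=True, punctuation_chars=True)
        lex.whitespace_split, lex.commenters = True, ""  # '#' must not hide operands
        try:
            tokens = list(lex)
        except ValueError:  # unbalanced quotes: skip this record
            continue
        # Runs of shell operators (| ; && ...) separate the individual commands.
        for is_op, grp in groupby(tokens, key=lambda t: bool(t) and not t.strip("|&;<>()")):
            argv = list(grp)
            if not is_op and argv[0].rsplit("/", 1)[-1] in GREPS:
                bad = [f for f in grep_file_operands(argv) if ".." in f.split("/")]
                hits += [(m["user"], bad)] if bad else []
    return hits
```

Running `find_traversal_grep(SAMPLE)` flags T1 and T3 and leaves T2 alone. A pattern that is only a quoted operator character (for example `'|'`) is indistinguishable from a real pipe after tokenizing and is a known limit of this sketch.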
