CVE-2025-58381
📋 TL;DR
This vulnerability in Brocade Fabric OS allows an authenticated administrator to abuse shell commands (source, ping6, sleep, disown, wait) to manipulate path variables and perform directory traversal. It affects Brocade SAN switches, where an administrator could reach directories outside the intended scope. Exploitation requires admin-level authentication.
💻 Affected Systems
- Brocade Fabric OS
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious administrator could traverse to sensitive system directories, access or modify configuration files, potentially leading to system compromise or data exposure.
Likely Case
Privilege escalation within the file system, allowing access to directories beyond the intended scope and potentially exposing sensitive configuration or log files.
If Mitigated
Limited impact if proper access controls and monitoring are in place, though the directory traversal capability remains until the switch is patched.
🎯 Exploit Status
Exploitation requires admin shell access; not a remote unauthenticated vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.2.1c2
Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36853
Restart Required: Yes
Instructions:
1. Download Fabric OS 9.2.1c2 from the Broadcom support portal.
2. Back up the current configuration.
3. Apply the firmware update following standard Fabric OS upgrade procedures.
4. Reboot the switch to complete the installation.
🔧 Temporary Workarounds
Restrict shell access
Limit shell access to trusted administrators only and implement strict access controls.
Commands:
firmwareshow
configshow
Monitor admin activities
Implement comprehensive logging and monitoring of admin shell commands and file access.
Commands:
syslogd enable
syslogd config
🧯 If You Can't Patch
- Implement strict role-based access control (RBAC) to limit admin shell access to essential personnel only.
- Enable comprehensive auditing and monitoring of all admin shell activities and file access patterns.
🔍 How to Verify
Check if Vulnerable:
Run the 'version' command and check whether the Fabric OS version is earlier than 9.2.1c2.
Check Version:
version
Verify Fix Applied:
Run the 'version' command and confirm that the Fabric OS version is 9.2.1c2 or later.
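As an added example (not part of the advisory or of Fabric OS itself), the following Python check parses the 'Fabric OS:' line of saved 'version' output and compares it with 9.2.1c2, so the check can be run across many switches at once. The version-string layout, its ordering rules and the sample output are assumptions made here, not taken from the page.

```python
"""Check a Fabric OS 'version' dump against the fix version for CVE-2025-58381."""
import re

FIXED_VERSION = "9.2.1c2"  # from the advisory: first release carrying the fix

# Assumed layout: major.minor.patch, optional patch letter, optional sub-patch
# number, with or without a leading "v" (e.g. "9.2.1c2", "v9.2.0b", "9.1.1").
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")


def parse_fos_version(text):
    """Turn a Fabric OS version string into a comparable tuple.

    Ordering assumption: numeric fields first, then the patch letter
    (none < a < b < ...), then the trailing sub-patch number (none = 0).
    """
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version string: {text!r}")
    major, minor, patch, letter, sub = m.groups()
    letter_rank = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), int(patch), letter_rank, int(sub or 0))


def version_from_output(output):
    """Extract the version string from the 'Fabric OS:' line of 'version' output."""
    for line in output.splitlines():
        if line.strip().startswith("Fabric OS:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no 'Fabric OS:' line found in version output")


def is_vulnerable(output, fixed=FIXED_VERSION):
    """True when the reported Fabric OS version is older than the fixed release."""
    return parse_fos_version(version_from_output(output)) < parse_fos_version(fixed)


# Constructed sample of 'version' output (not captured from a real switch).
SAMPLE_OUTPUT = """\
Kernel:     5.10.0
Fabric OS:  v9.2.0b
Made on:    Tue Mar  5 12:00:00 2024
Flash:      Thu Mar  7 09:15:00 2024
BootProm:   3.0.3
"""

if __name__ == "__main__":
    running = version_from_output(SAMPLE_OUTPUT)
    state = "VULNERABLE" if is_vulnerable(SAMPLE_OUTPUT) else "patched"
    print(f"Fabric OS {running}: {state} (fixed in {FIXED_VERSION})")
```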
📡 Detection & Monitoring
Log Indicators:
- Unusual shell command sequences
- Directory traversal attempts in command logs
- Abnormal file access patterns by admin users
Network Indicators:
- Unusual admin session patterns
- Multiple shell sessions from single admin account
SIEM Query:
source="fabric_os" AND (command="source" OR command="ping6" OR command="sleep" OR command="disown" OR command="wait") AND user_role="admin"