CVE-2025-58382

N/A Unknown

📋 TL;DR

This vulnerability in Brocade Fabric OS allows authenticated remote attackers with administrative credentials to execute arbitrary commands as root using specific commands. It affects Brocade SAN switches running vulnerable Fabric OS versions. Attackers need administrative access but can then escalate to full root privileges.

💻 Affected Systems

Products:
  • Brocade SAN switches with Fabric OS
Versions: All versions before Fabric OS 9.2.1c2
Operating Systems: Fabric OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative credentials to exploit. Affects all configurations running vulnerable Fabric OS versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the SAN switch with root access, allowing data exfiltration, network disruption, or lateral movement to connected storage systems.

🟠 Likely Case

Privilege escalation from administrative user to root, enabling unauthorized configuration changes, credential harvesting, or persistence mechanisms.

🟢 If Mitigated

Limited impact if administrative access is properly restricted and monitored, though it still represents a privilege escalation risk.

🌐 Internet-Facing: LOW (requires administrative credentials and typically these systems are not internet-facing)
🏢 Internal Only: HIGH (if administrative credentials are compromised within the network)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW (once administrative credentials are obtained)

Exploitation requires administrative access first, then uses built-in commands to achieve root execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fabric OS 9.2.1c2 or later

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849

Restart Required: Yes

Instructions:

1. Download Fabric OS 9.2.1c2 or later from the Broadcom support portal.
2. Back up the current configuration.
3. Apply the firmware update following vendor documentation.
4. Reboot the switch.
5. Verify the upgrade succeeded.

🔧 Temporary Workarounds

Restrict administrative access

all

Limit administrative account access to only trusted users and networks

Monitor command usage

all

Implement logging and alerting for 'supportsave', 'seccertmgmt', and 'configupload' commands

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SAN switches from general network traffic
  • Enforce multi-factor authentication for administrative access and monitor administrative account activity

🔍 How to Verify

Check if Vulnerable:

Check the Fabric OS version with the 'version' command. If the version is earlier than 9.2.1c2, the system is vulnerable.

Check Version:

version

Verify Fix Applied:

Run the 'version' command and confirm the version is 9.2.1c2 or later.
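
The version check above can be scripted across a fleet; the following is an added example, not vendor code, that compares the release reported by 'version' against 9.2.1c2 without falling into plain string comparison (which would rank 9.2.1c10 below 9.2.1c2). It assumes the release appears on a "Fabric OS:" line, follows the form major.minor.maintenance plus an optional patch letter and digits, and orders accordingly; the sample output is constructed.

```python
import re

FIXED = "9.2.1c2"  # fixed release named on this page

# Assumed format: major.minor.maint, optional patch letter, optional digits.
_VER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$")

# Constructed sample of `version` output (not captured from a real switch).
SAMPLE_OUTPUT = """Kernel:     4.1.35
Fabric OS:  v9.2.1c
Made on:    (constructed sample)
"""


def parse_fos(ver):
    """Return a sortable tuple, or None if the string is outside the assumed format."""
    m = _VER.match(ver.strip().lower())
    if not m:
        return None
    major, minor, maint, letter, sub = m.groups()
    # No letter sorts before 'a'; missing trailing digits count as 0.
    return (int(major), int(minor), int(maint), letter, int(sub or 0))


def extract_version(output):
    """Pull the release string from the 'Fabric OS:' line of `version` output."""
    m = re.search(r"^Fabric OS:\s*(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None


def assess(output):
    """Classify `version` output as 'vulnerable', 'fixed' or 'unknown'."""
    ver = extract_version(output)
    parsed = parse_fos(ver) if ver else None
    if parsed is None:
        return "unknown"  # never report an unparsed build as fixed
    return "fixed" if parsed >= parse_fos(FIXED) else "vulnerable"


if __name__ == "__main__":
    print(assess(SAMPLE_OUTPUT))
```

Treat an "unknown" result as a switch to check by hand rather than as patched.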

📡 Detection & Monitoring

Log Indicators:

  • Unusual usage of supportsave, seccertmgmt, or configupload commands
  • Multiple failed authentication attempts followed by successful administrative login

Network Indicators:

  • Unexpected administrative SSH/Telnet connections to SAN switches
  • Unusual outbound connections from SAN switches

SIEM Query:

source="brocade_logs" AND (command="supportsave" OR command="seccertmgmt" OR command="configupload")
