CVE-2025-9711

N/A Unknown

📋 TL;DR

This vulnerability allows local authenticated users on Brocade Fabric OS systems to escalate their privileges to root level using specific commands. It affects Brocade SAN switch administrators and operators who have legitimate access to the system. The vulnerability exists in the export functionality of seccertmgmt and seccryptocfg commands.

💻 Affected Systems

Products:
  • Brocade Fabric OS
Versions: All versions before 9.2.1c3
Operating Systems: Brocade Fabric OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authenticated access to the switch CLI. The vulnerability is present in default configurations of affected versions.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated malicious insider or compromised account gains full root access to the SAN switch, enabling complete control over storage network configuration, data interception, and potential denial of service.

🟠

Likely Case

Privileged administrators accidentally or intentionally use the vulnerable commands to gain unnecessary root access, potentially bypassing security controls and audit trails.

🟢

If Mitigated

With proper access controls and monitoring, the impact is limited to authorized administrators who already have significant system access.

🌐 Internet-Facing: LOW - Brocade Fabric OS systems are typically deployed in internal storage networks, not directly internet-facing.
🏢 Internal Only: HIGH - This affects internal storage infrastructure where compromised switches could disrupt critical business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the switch CLI and knowledge of the vulnerable commands. The advisory suggests the exploit is straightforward for users with legitimate access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.1c3

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36852

Restart Required: Yes

Instructions:

1. Download Fabric OS 9.2.1c3 from the Broadcom support portal.
2. Upload the firmware to the switch.
3. Install the firmware using the 'firmwareDownload' command.
4. Reboot the switch to activate the new version.

🔧 Temporary Workarounds

Restrict command access

all

Limit access to seccertmgmt and seccryptocfg commands using role-based access controls

userconfig --modify <username> -r <restricted_role>
roleconfig --show <role_name>

Monitor command usage

all

Enable audit logging for seccertmgmt and seccryptocfg commands

auditcfg --enable audit
auditcfg --set seccertmgmt
auditcfg --set seccryptocfg

🧯 If You Can't Patch

  • Implement strict role-based access control to limit who can execute seccertmgmt and seccryptocfg commands
  • Enable comprehensive audit logging and monitor for unauthorized privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Fabric OS version with the 'version' command. If the version is earlier than 9.2.1c3, the system is vulnerable.

Check Version:

version

Verify Fix Applied:

After patching, run 'version' command and confirm version is 9.2.1c3 or later.

📡 Detection & Monitoring

Log Indicators:

  • Audit logs showing seccertmgmt or seccryptocfg commands with export option
  • Unexpected privilege escalation events
  • User sessions transitioning to root privileges

Network Indicators:

  • Unusual configuration changes to SAN switches
  • Unexpected certificate or crypto configuration modifications

SIEM Query:

source="brocade_switch" AND (command="seccertmgmt" OR command="seccryptocfg") AND args="export"
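An added example (not from the advisory or from Brocade) that automates the two checks above: it parses the 'Fabric OS:' field from constructed 'version' output, compares it against 9.2.1c3, and flags constructed audit log lines that invoke the seccertmgmt/seccryptocfg export path. The ordering assumed for the release-letter and patch-number suffixes is this example's assumption, not a vendor-documented rule.

```python
import re
from typing import List, Optional, Tuple

# Fixed release named in the advisory.
FIXED_VERSION = "9.2.1c3"

# Fabric OS release strings look like "9.2.1", "9.2.1a" or "9.2.1c3".
# Assumption for this example: sort by numeric triple, then patch letter
# (none < a < b < ...), then trailing patch number (none = 0).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")

def parse_fos_version(text: str) -> Optional[Tuple[int, int, int, int, int]]:
    """Turn a Fabric OS version string into a sortable tuple; None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, maint, letter, patch = m.groups()
    letter_rank = (ord(letter) - ord("a") + 1) if letter else 0
    return (int(major), int(minor), int(maint), letter_rank, int(patch or 0))

def is_vulnerable(version_text: str) -> bool:
    """True when the release is older than 9.2.1c3. Unparseable input is treated as vulnerable."""
    current = parse_fos_version(version_text)
    return current is None or current < parse_fos_version(FIXED_VERSION)

def extract_version(version_output: str) -> Optional[str]:
    """Pull the 'Fabric OS:' field out of 'version' command output (field name assumed)."""
    m = re.search(r"Fabric OS:\s*v?(\S+)", version_output)
    return m.group(1) if m else None

# Matches the SIEM query above: either vulnerable command with an export argument.
_EXPORT_RE = re.compile(r"\b(seccertmgmt|seccryptocfg)\b.*\bexport\b", re.IGNORECASE)

def flag_export_invocations(log_lines: List[str]) -> List[str]:
    """Return the audit lines that should be reviewed for this CVE."""
    return [line for line in log_lines if _EXPORT_RE.search(line)]

# Constructed sample data; not real switch output.
SAMPLE_VERSION_OUTPUT = "Kernel:     2.6.14.2\nFabric OS:  v9.2.1c2\nMade on:    example\n"
SAMPLE_AUDIT_LOG = [
    "AUDIT, user=admin, cmd=seccertmgmt show -all",
    "AUDIT, user=operator, cmd=seccertmgmt export -cert https -protocol scp",
    "AUDIT, user=admin, cmd=seccryptocfg --export /tmp/policy",
    "AUDIT, user=admin, cmd=configshow",
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable(extract_version(SAMPLE_VERSION_OUTPUT) or ""))
    for hit in flag_export_invocations(SAMPLE_AUDIT_LOG):
        print("review:", hit)
```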
