{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-58382","assignerOrgId":"87b297d7-335e-4844-9551-11b97995a791","state":"PUBLISHED","assignerShortName":"brocade","dateReserved":"2025-08-29T21:03:16.425Z","datePublished":"2026-02-03T01:39:55.349Z","dateUpdated":"2026-02-26T15:04:30.497Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Fabric OS","vendor":"Brocade","versions":[{"status":"affected","version":"before 9.2.1c2 and 9.2.2 through 9.2.2a"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using “supportsave”, \n“seccertmgmt”, “configupload” command."}],"value":"A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using “supportsave”, \n“seccertmgmt”, “configupload” command."}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":8.5,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-305","description":"CWE-305: Authentication Bypass by Primary Weakness","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"87b297d7-335e-4844-9551-11b97995a791","shortName":"brocade","dateUpdated":"2026-02-03T02:02:25.413Z"},"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849"}],"source":{"discovery":"UNKNOWN"},"title":"Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-58382","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-02-04T04:55:47.584131Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T15:04:30.497Z"}}]}}