{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-69269","assignerOrgId":"e291eae9-7c0a-46ac-ba7d-5251811f8b7f","state":"PUBLISHED","assignerShortName":"ca","dateReserved":"2025-12-31T03:22:49.490Z","datePublished":"2026-01-12T04:10:44.802Z","dateUpdated":"2026-01-12T15:51:36.355Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","Linux"],"product":"DX NetOps Spectrum","vendor":"Broadcom","versions":[{"status":"affected","version":"23.3.6 and earlier","versionType":"custom"},{"status":"unaffected","version":"23.3.7 and later","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.6_and_earlier:*:windows:*:*:*:*:*","vulnerable":true},{"criteria":"cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.6_and_earlier:*:linux:*:*:*:*:*","vulnerable":true},{"criteria":"cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.7_and_later:*:windows:*:*:*:*:*","vulnerable":false},{"criteria":"cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.7_and_later:*:linux:*:*:*:*:*","vulnerable":false}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"}],"datePublic":"2026-01-12T04:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.<p>This issue affects DX NetOps Spectrum: 23.3.6 and earlier.</p>"}],"value":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier."}],"impacts":[{"capecId":"CAPEC-88","descriptions":[{"lang":"en","value":"CAPEC-88 OS Command Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":7.1,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e291eae9-7c0a-46ac-ba7d-5251811f8b7f","shortName":"ca","dateUpdated":"2026-01-12T04:10:44.802Z"},"references":[{"tags":["vendor-advisory"],"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"}],"source":{"advisory":"CA20260112-01: Security Notice for DX NetOps Spectrum","discovery":"UNKNOWN"},"title":"Spectrum command injection in NCM service","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-12T15:51:21.445557Z","id":"CVE-2025-69269","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-12T15:51:36.355Z"}}]}}