Brocade Fabric OS 9.1.x < 9.1.1d7 RCE (BSA-2025-2930)

high Nessus Plugin ID 240848

Synopsis

The remote Brocade FabricOS host is affected by a remote code execution vulnerability.

Description

The version of Brocade FabricOS installed on the remote host is 9.1.x prior to 9.1.1d7. It is, therefore, affected by a remote code execution vulnerability as referenced in the BSA-2025-2930 advisory:

- Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Brocade FabricOS 9.1.1d7 or later.

See Also

http://www.nessus.org/u?59b79766

Plugin Details

Severity: High

ID: 240848

File Name: brocade_fabricos_BSA-2025-2930.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 6/27/2025

Updated: 6/27/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4

Risk Factor: High

Base Score: 8.6

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:brocade:fabric_os, cpe:/o:broadcom:fabric_operating_system

Required KB Items: installed_sw/Brocade FabricOS

Patch Publication Date: 4/3/2025

Vulnerability Publication Date: 4/17/2025

Reference Information

CVE: CVE-2025-1976