A high-severity flaw affecting Broadcom’s Brocade Fabric OS (FOS) has allowed attackers to run arbitrary code on affected environments with full root-level privileges.
The flaw, tracked as CVE-2025-1976, is especially dangerous because it could permit full takeover of FOS devices, including Fibre switches and directors, that are core to Storage Area Networks (SANs), potentially enabling attackers to change system files, configuration data, firmware, and security mechanisms, and to install persistent malware.
“Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privilege on Fabric OS versions 9.1.0 through 9.1.1d6,” reads a Broadcom description.
Broadcom has issued a fix through the Brocade FOS 9.1.1d7 update.
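To check a switch inventory against the affected range quoted above (9.1.0 through 9.1.1d6), the following is an added example, not code from Broadcom or the original article. It assumes FOS version strings of the form major.minor.patch with an optional letter and number suffix, ordered field by field; the hostnames and inventory are constructed.

```python
import re

# Assumed layout: major.minor.patch, optional letter, optional number
# (e.g. "9.1.1d6"), with an optional leading "v". Ordering versions by
# these fields in sequence is an assumption of this example.
_FOS_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$")


def parse_fos(version):
    """Turn a FOS version string into a tuple that sorts in release order."""
    m = _FOS_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised FOS version: {version!r}")
    major, minor, patch, letter, num = m.groups()
    return (int(major), int(minor), int(patch), letter, int(num or 0))


# Range boundaries taken from the Broadcom description quoted in the article.
FIRST_AFFECTED = parse_fos("9.1.0")
LAST_AFFECTED = parse_fos("9.1.1d6")


def is_affected(version):
    """True if the version falls inside the range stated for CVE-2025-1976."""
    return FIRST_AFFECTED <= parse_fos(version) <= LAST_AFFECTED


def triage(inventory):
    """Map each host to 'affected', 'outside stated range' or 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            status = "affected" if is_affected(version) else "outside stated range"
        except ValueError:
            status = "unparsed"  # needs manual review, never assumed safe
        result[host] = status
    return result


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "san-sw-01": "v9.1.1d6",
    "san-sw-02": "9.1.1d7",
    "san-sw-03": "9.1.0",
    "san-sw-04": "9.0.1e1",
    "san-sw-05": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Versions that fail to parse are reported separately so they get manual review rather than being silently treated as unaffected.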