CVE-2025-58380
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-06
Assigner: Brocade Communications Systems, LLC
Description
Description
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command βgrepβ to modify the path variables and move upwards in the directory structure or to traverse to different directories.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| broadcom | fabric_operating_system | to 9.2.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
