CVE-2025-58381
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-06
Assigner: Brocade Communications Systems, LLC
Description
Description
A
vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an
authenticated attacker with admin privileges using the shell commands
βsource, ping6, sleep, disown, wait to modify the path variables and
move upwards in the directory structure or to traverse to different
directories.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| broadcom | fabric_operating_system | to 9.2.1c2 (exc) |
| broadcom | fabric_operating_system | From 9.2.2 (inc) to 9.2.2b (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
