Vendor scorecard
Brocade
Brocade security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: brocade
Product families
2
Open in latest
59
Inferred — see methodology
Last disclosure
Feb 3, 2026
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Fabric OS / SAN SwitchingRouting & Switchingfabric_operating_system, brocade_fabric_operating_system, fabric_os | 0 | 59 | 9.2.0LOW | ||
| Network AdvisorNetwork Management & Monitoringnetwork_advisor | 0 | 0 | 14.3.1MED |
02
Recent CVEs
12 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-9711(opens NVD record) | High | 7.8 | A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands. | Feb 3, 2026 |
| CVE-2025-58381(opens NVD record) | Low | 2.3 | A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories. | Feb 3, 2026 |
| CVE-2025-58380(opens NVD record) | Low | 2.3 | A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories. | Feb 3, 2026 |
| CVE-2026-0383(opens NVD record) | High | 7.8 | A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command. | Feb 3, 2026 |
| CVE-2025-58383(opens NVD record) | High | 7.2 | A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands. | Feb 3, 2026 |
| CVE-2025-58382(opens NVD record) | High | 7.2 | A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command. | Feb 3, 2026 |
| CVE-2025-58379(opens NVD record) | Medium | 5.5 | Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user. | Feb 3, 2026 |
| CVE-2025-4663(opens NVD record) | Medium | 4.9 | An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2 | Jul 8, 2025 |
| CVE-2025-4661(opens NVD record) | Low | 2.3 | A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit | Jun 19, 2025 |
| CVE-2025-1976(opens NVD record) | Medium | 6.7 | Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | Apr 24, 2025 |
| CVE-2024-5462(opens NVD record) | High | 7.5 | If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified. | Feb 15, 2025 |
| CVE-2024-5461(opens NVD record) | High | 8.0 | Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root. | Feb 15, 2025 |
0 CVEs · 2 product families