Path transversal vulnerability potentially leading to sensitive information disclosure (CVE-2025-4661)
35814
22 July 2025
10 June 2025
CLOSED
MEDIUM
4.8 Medium – CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2025-4661
|
Brocade Security Advisory ID |
BSA-2025-2996 |
|
Component |
CLI |
|
CWE |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
|
|
|
Summary
A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information.
Note: Admin level privilege is required on the switch in order to exploit
Products Affected
- Brocade Fabric OS 9.1.0 through 9.2.1b and 9.2.2
Products Not Affected
- Brocade ASCG is not affected by this vulnerability
- Brocade SANnav is not affected by this vulnerability
Solution
- Security update provided in Brocade Fabric OS 9.2.1c and 9.2.2a
Note
The issue was found during internal testing.
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
June 10, 2025 |
|
1.1 |
Added security update in FOS 9.2.1c |
July 22, 2025 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.