CA20260112-01: Security Notice for DX NetOps Spectrum
36756
12 January 2026
12 January 2026
CLOSED
HIGH
8.8
none
CVE-2025-69267, CVE-2025-69268, CVE-2025-69269, CVE-2025-69270, CVE-2025-69271, CVE-2025-69272, CVE-2025-69273, CVE-2025-69274, CVE-2025-69275, CVE-2025-69276
Issued: January 12th, 2026
Broadcom is alerting customers to vulnerabilities in DX NetOps Spectrum.
CVE-2025-69267 - a directory path traversal vulnerability in the OneClick server allowed an authenticated user to read arbitrary files from the server's filesystem.
CVE-2025-69268 - a reflected cross-site scripting (XSS) vulnerability in the comparison view page allowed a remote attacker to inject arbitrary JavaScript code into a user's web session.
CVE-2025-69269 - a command injection vulnerability in the NCM service allowed an attacker to execute arbitrary commands on the host operating system with the same privileges as the vulnerable application.
CVE-2025-69270 - the application exposed session tokens in URLs for certain administrative functions, which could lead to session hijacking if the URL is leaked.
CVE-2025-69271 - the application supported Basic Authentication, which transmitted credentials in a weakly encoded format (Base64), increasing the risk of credential exposure.
CVE-2025-69272 - a "password returned in clear text" vulnerability occurred when the application sent or displayed a user's password as plain text over an unencrypted connection or in a response, exposing the password to interception by attackers. This could lead to unauthorized access to accounts and other sensitive data.
CVE-2025-69273 - an authentication bypass vulnerability allowed unauthenticated remote attackers to access and download sensitive configuration files from the web server.
CVE-2025-69274 - a broken authorization vulnerability allowed a low-privileged user to perform actions on other users' sessions, including those of administrators.
CVE-2025-69275 - the product included outdated third-party JavaScript libraries (Bootstrap and DOMPurify) which contained known vulnerabilities that could potentially lead to Cross-Site Scripting (XSS) attacks.
CVE-2025-69276 - the application was vulnerable to insecure deserialization of user-supplied data, which could be leveraged by an authenticated attacker to trigger arbitrary DNS lookups and potentially lead to remote code execution.
Broadcom has published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions.
Risk Rating
CVE-2025-69267 - CVSS v4.0 Score: 8.8 / High
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
CVE-2025-69268 - CVSS v4.0 Score: 5.3 / Medium
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
CVE-2025-69269 - CVSS v4.0 Score: 7.1 / Medium
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N
CVE-2025-69270 - CVSS v4.0 Score: 2.3 / Low
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
CVE-2025-69271 - CVSS v4.0 Score: 2.3 / Low
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2025-69272 - CVSS v4.0 Score: 5.3 / Medium
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-69273 - CVSS v4.0 Score: 8.7 / High
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CVE-2025-69274 - CVSS v4.0 Score: 2.3 / Low
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
CVE-2025-69275 - CVSS v4.0 Score: 7.1 / High
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
CVE-2025-69276 - CVSS v4.0 Score: 2.3 / Low
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Platform(s)
Windows
Linux
Affected Products
CVE-2025-69267 - Spectrum v24.3.8 and earlier
CVE-2025-69268 - Spectrum v24.3.8 and earlier
CVE-2025-69269 - Spectrum v23.3.6 and earlier **
CVE-2025-69270 - Spectrum v24.3.8 and earlier
CVE-2025-69271 - Spectrum v24.3.13 and earlier
CVE-2025-69272 - Spectrum v21.2.1 and earlier *
CVE-2025-69273 - Spectrum v24.3.10 and earlier
CVE-2025-69274 - Spectrum v24.3.10 and earlier
CVE-2025-69275 - Spectrum v24.3.9 and earlier
CVE-2025-69276 - Spectrum v24.3.13 and earlier
* 21.2.x reached End of Service (EOS) on 2023-12-31 - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/CriticalAlerts/End-of-Service-for-DX-NetOps-21-2-x---Important-Update/22376
** 23.3.x reached End of Service (EOS) on 2025-10-31 - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/ProductAdvisories/Reminders--Upcoming-End-of-Service-Dates--for-DX-NetOps-23-3-x--VMware-Smarts-10-1-9-x--and-Network-Configuration-Manager-10-1-13--and-Stabilization-of-CA-Business-Intelligence--CABI--JasperReports-with-DX-NetOps/36199
Non-Affected Products
CVE-2025-69267 - Spectrum v24.3.9 and later
CVE-2025-69268 - Spectrum v24.3.9 and later
CVE-2025-69269 - Spectrum v23.3.7 and later **
CVE-2025-69270 - Spectrum v24.3.9 and later
CVE-2025-69271 - Spectrum v25.4.1 and later
CVE-2025-69272 - Spectrum v21.2.2 and later *
CVE-2025-69273 - Spectrum v24.3.11 and later
CVE-2025-69274 - Spectrum v24.3.11 and later
CVE-2025-69275 - Spectrum v24.3.10 and later
CVE-2025-69276 - Spectrum v25.4.1 and later
How to determine if the installation is affected
Check the product version of DX NetOps Spectrum in the About section of the OneClick console.
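The Affected and Non-Affected Products lists above give a different fixed version for each CVE, so a single version string has to be checked against all ten. The helper below, an added example and not a Broadcom tool, encodes those thresholds from this notice and reports which CVEs still apply to a given Spectrum version, plus whether the release line is one of the EOS branches flagged by the * and ** footnotes; the version format (`major.minor.patch`, optional leading `v`) is assumed from the strings on this page.

```python
# Fixed versions taken from the "Non-Affected Products" section of CA20260112-01.
# A version is non-affected for a CVE when it is >= the listed fixed version.
FIXED_IN = {
    "CVE-2025-69267": "24.3.9",
    "CVE-2025-69268": "24.3.9",
    "CVE-2025-69269": "23.3.7",
    "CVE-2025-69270": "24.3.9",
    "CVE-2025-69271": "25.4.1",
    "CVE-2025-69272": "21.2.2",
    "CVE-2025-69273": "24.3.11",
    "CVE-2025-69274": "24.3.11",
    "CVE-2025-69275": "24.3.10",
    "CVE-2025-69276": "25.4.1",
}

# Release lines that reached End of Service according to the notice's footnotes.
EOS_BRANCHES = {"21.2": "2023-12-31", "23.3": "2025-10-31"}


def parse_version(text):
    """Turn '24.3.10' (optionally prefixed with 'v') into a tuple of ints.

    Comparing numeric tuples avoids the string-compare trap where
    '24.3.9' > '24.3.10', which would wrongly mark 24.3.9 as fixed."""
    text = text.strip().lower().lstrip("v")
    parts = text.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Spectrum version: {text!r}")
    return tuple(int(p) for p in parts)


def affected_cves(version_text):
    """Sorted list of CVE ids from this notice that still apply to the version."""
    v = parse_version(version_text)
    return sorted(cve for cve, fixed in FIXED_IN.items() if v < parse_version(fixed))


def eos_branch(version_text):
    """EOS date if the version sits on an out-of-service release line, else None."""
    major, minor, _ = parse_version(version_text)
    return EOS_BRANCHES.get(f"{major}.{minor}")


if __name__ == "__main__":
    # Constructed sample versions, one per release line mentioned in the notice.
    for ver in ("21.2.1", "23.3.6", "24.3.8", "24.3.10", "25.4.1"):
        print(ver, "affected by:", affected_cves(ver) or "none listed here",
              "| EOS:", eos_branch(ver) or "no")
```

Any version below 25.4.1 is affected by at least CVE-2025-69271 and CVE-2025-69276, which is why the Solution section names 25.4.1 as the release that clears the whole notice.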
Solution
Broadcom published the following solutions to address the vulnerabilities:
Upgrading to 25.4.1 or later resolves all of the vulnerabilities listed in this notice.
See below for solution details for each vulnerability.
CVE-2025-69275 - https://support.broadcom.com/group/ecx/productdetails?productName=Spectrum
How to determine if the fix is applied
Check the product version of DX NetOps Spectrum in the About section of the OneClick console.
References
CVE-2025-69267 - Spectrum directory path traversal
CVE-2025-69268 - Spectrum reflected XSS
CVE-2025-69269 - Spectrum command injection in NCM service
CVE-2025-69270 - Spectrum session token in URL
CVE-2025-69271 - Spectrum basic authentication in use
CVE-2025-69272 - Spectrum password returned in clear
CVE-2025-69273 - Spectrum broken authentication
CVE-2025-69274 - Spectrum broken authorization scheme
CVE-2025-69275 - Spectrum outdated java library in class-path
CVE-2025-69276 - Spectrum insecure deserialization
Acknowledgement
CVE-2025-69267, CVE-2025-69268, CVE-2025-69269, CVE-2025-69270, CVE-2025-69271, CVE-2025-69272, CVE-2025-69273, CVE-2025-69274, CVE-2025-69275, CVE-2025-69276 - Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
Change History
Version 1.0: 2026-01-12 - Initial Release
Broadcom customers may receive product alerts and advisories by subscribing to Product Notifications.
Customers who require additional information about this notice may contact Broadcom Support at https://support.broadcom.com/.
To report a suspected vulnerability in a Broadcom product, please contact the Broadcom Product Security Incident Response Team.
Copyright © 2026 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA Technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.