Privilege escalation in Brocade Fabric OS before 9.2.1c3, and 9.2.2 through 9.2.2b (CVE-2025-9711)
36852
27 January 2026
27 January 2026
CLOSED
HIGH
8.5 High - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-9711
| Brocade Security Advisory ID | BSA-2026-3303 |
| Component | Component name |
| CWE | CWE-272: Least Privilege Violation |
Summary
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow a local authenticated user to elevate privileges to “root” using the export option of the seccertmgmt and seccryptocfg commands.
Products Affected
- Brocade Fabric OS before 9.2.1c3, and 9.2.2 through 9.2.2b
Products Confirmed Not Affected
- Brocade SANnav - [VEX Justification: Component_not_present]
- Brocade ASCG - [VEX Justification: Component_not_present]
Solution
- A security update is provided in Brocade Fabric OS 10.0.0, 9.2.2c, and 9.2.1c3
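A version check for triaging a switch inventory against the affected and fixed releases listed above, as an added example that is not part of Brocade's advisory. The release-string layout, the ordering of letter and number suffixes, and the switch names are assumptions.

```python
import re

# Assumed release-string layout: major.minor.patch, optional patch letter,
# optional trailing number (for example "9.2.1c3"); a leading "v" is tolerated.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z])?(\d+)?$")


def parse_fos_version(text):
    """Return a sortable tuple for a Fabric OS release string."""
    m = _VERSION_RE.match(text.strip().lower())
    if m is None:
        raise ValueError(f"unrecognized Fabric OS version: {text!r}")
    major, minor, patch, letter, number = m.groups()
    # Assumed ordering: 9.2.1 < 9.2.1a < 9.2.1c < 9.2.1c1 < 9.2.1c3 < 9.2.2
    letter_rank = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), int(patch), letter_rank, int(number or 0))


FIXED_9_2_1 = parse_fos_version("9.2.1c3")  # first fixed release on the 9.2.1 line
FIRST_9_2_2 = parse_fos_version("9.2.2")    # start of the second affected range
FIXED_9_2_2 = parse_fos_version("9.2.2c")   # first fixed release on the 9.2.2 line


def is_affected(text):
    """True if the release falls in the ranges this advisory lists."""
    v = parse_fos_version(text)
    # "before 9.2.1c3" or "9.2.2 through 9.2.2b" (anything below the 9.2.2c fix)
    return v < FIXED_9_2_1 or FIRST_9_2_2 <= v < FIXED_9_2_2


def triage(inventory):
    """Map switch name -> 'affected', 'not affected' or 'unparsed'."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[name] = "unparsed"  # needs manual review, never assume safe
    return result


# Constructed sample inventory (hypothetical switch names).
SAMPLE = {"sw-a": "v9.2.1c2", "sw-b": "9.2.1c3", "sw-c": "9.2.2b",
          "sw-d": "9.2.2c", "sw-e": "10.0.0", "sw-f": "9.1.1d", "sw-g": "unknown"}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(name, SAMPLE[name], status)
```

Releases that do not match the assumed layout are reported as unparsed rather than as not affected, so they still get a manual look.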
Credit
The vulnerability was found during internal testing.
Revision History
| Version | Change | Date |
| 1.0 | Initial Publication | 1/27/2026 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.