CISA Warns of Exploited Broadcom, Commvault Vulnerabilities


The US cybersecurity agency CISA on Monday issued a warning on the active exploitation of recently patched vulnerabilities in Broadcom, Commvault, and Qualitia products.

The Broadcom flaw, tracked as CVE-2025-1976 (CVSS score of 8.6), is described as a code injection issue that could allow an authenticated attacker with administrative privileges to execute arbitrary code as root.

“Through a flaw in IP address validation, a local user, assigned one of the pre-defined admin roles or a user-defined role with admin-level privileges, can execute arbitrary code as if they had full root level access,” Broadcom explains in its advisory.

According to the vendor, an attacker could exploit the bug to execute any Fabric OS command and to modify the Fabric OS itself to add their own subroutines.

The security defect impacts Brocade Fabric OS versions 9.1.0 through 9.1.1d6 and was addressed with the release of Fabric OS ...


Copyright of this story solely belongs to SecurityWeek.