Spectrum command injection in NCM service_CVE-2025-69269

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.

Basic Information

ID CVE-2025-69269

Source ca

Published Jan 12, 2026 at 04:10

Affected Product

Vendor Broadcom

Product DX NetOps Spectrum

Version 23.3.6 and earlier

Affected Versions Broadcom DX NetOps Spectrum 23.3.6 and earlier

CWE Classification

CWE-78

References

support.broadcom.com /web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.",
    "published": "2026-01-12T04:10:44.802Z",
    "modified": "2026-01-12T04:10:44.802Z",
    "type": "cve",
    "title": "Spectrum command injection in NCM service",
    "source": "ca",
    "references": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756",
    "id": "CVE-2025-69269",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Broadcom DX NetOps Spectrum 23.3.6 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DX NetOps Spectrum",
    "version": "23.3.6 and earlier",
    "vendor": "Broadcom",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}