What is the CVSS score of CVE-2025-69269?

CVE-2025-69269 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Windows are affected by CVE-2025-69269?

CVE-2025-69269 presents critical security risk, a OS command injection vulnerability rated CVSS 9.8.

How to fix or mitigate CVE-2025-69269?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Windows CVE-2025-69269

CRITICAL

OS Command Injection (CWE-78)

2026-01-12 vuln@ca.com

Windows Linux Command Injection Broadcom Dx Netops Spectrum

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 12, 2026 - 05:16 nvd

CRITICAL 9.8

DescriptionNVD

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.

AnalysisAI

Broadcom DX NetOps Spectrum (23.3.6 and earlier) has unauthenticated OS command injection on both Windows and Linux platforms. As a network management system, compromise gives attackers visibility and control over the entire monitored infrastructure.

Technical ContextAI

User input is passed to OS commands without sanitization (CWE-78). Network management platforms have privileged access to managed devices via SNMP, SSH, and other protocols.