CVE-2025-69270

CRITICAL
2026-01-12 [email protected]
9.8
CVSS 3.1
CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Jan 12, 2026 - 05:16 (nvd)
CRITICAL 9.8

Description

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Analysis

Broadcom DX NetOps Spectrum (24.3.8 and earlier) exposes session tokens in URL query strings, enabling session hijacking through browser history, Referer headers, or proxy logs.

Technical Context

Session identifiers are transmitted in URL query strings (CWE-598) instead of cookies or headers. URLs are logged in browser history, server access logs, proxy caches, and Referer headers sent to third-party resources.

Affected Products

Broadcom DX NetOps Spectrum 24.3.8 and earlier

Remediation

Update Spectrum. Session tokens should be transmitted in cookies with Secure and HttpOnly flags, never in URLs.

Priority Score

49
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0
