CVE-2025-69270 (GCVE-0-2025-69270)
Vulnerability from cvelistv5
Published
2026-01-12 04:20
Modified
2026-01-12 15:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-598 - Information Exposure Through Query Strings in GET Request
Summary
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Version: 24.3.8 and earlier < Patch: 24.3.9 and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:21:01.996598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:21:09.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.8 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.9 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e"
}
],
"value": "Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598 Information Exposure Through Query Strings in GET Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:35:06.225Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "EXTERNAL"
},
"title": "Spectrum session token in URL",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69270",
"datePublished": "2026-01-12T04:20:13.446Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:21:09.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-69270\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-12T15:21:01.996598Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-12T15:21:06.267Z\"}}], \"cna\": {\"title\": \"Spectrum session token in URL\", \"source\": {\"advisory\": \"CA20260112-01: Security Notice for DX NetOps Spectrum\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre\"}], \"impacts\": [{\"capecId\": \"CAPEC-593\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-593 Session Hijacking\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Broadcom\", \"product\": \"DX NetOps Spectrum\", \"versions\": [{\"status\": \"affected\", \"version\": \"24.3.8 and earlier\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"24.3.9 and later\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\", \"Linux\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-12T04:15:00.000Z\", \"references\": [{\"url\": \"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-598\", \"description\": \"CWE-598 Information Exposure Through Query Strings in GET Request\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*\", \"vulnerable\": false}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"e291eae9-7c0a-46ac-ba7d-5251811f8b7f\", \"shortName\": \"ca\", \"dateUpdated\": \"2026-01-12T04:35:06.225Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-69270\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-12T15:21:09.808Z\", \"dateReserved\": \"2025-12-31T03:22:49.490Z\", \"assignerOrgId\": \"e291eae9-7c0a-46ac-ba7d-5251811f8b7f\", \"datePublished\": \"2026-01-12T04:20:13.446Z\", \"assignerShortName\": \"ca\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…