CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. The flaws were added yesterday to CISA's 'Known Exploited Vulnerabilities' (KEV) catalog, with the Broadcom Brocade Fabric OS and Commvault flaws not previously tagged as exploited. Broadcom Brocade Fabric OS is a specialized operating system that runs on the company's Brocade Fibre Channel switches to manage and optimize storage area networks (SAN). Earlier this month, Broadcom disclosed an arbitrary code execution flaw impacting Fabric OS versions 9.1.0 through 9.1.1d6, tracked under CVE-2025-1976. While the flaw requires admin privileges to exploit, Broadcom says it has been actively exploited in attacks. "This vulnerability can allow the user to execute any existing Fabric OS command or can also be used to modify the Fabric OS itself, including adding their own s ... Read full article.