Primary

Context

Broadcom DX NetOps Spectrum Deserialization Vulnerability Allowing Object Injection

Vulnerability

Patched

A deserialization vulnerability allowing object injection has been identified in Broadcom DX NetOps Spectrum versions through 24.3.13 on both Windows and Linux. This vulnerability arises from insecure deserialization of user-supplied data, which could be exploited by an authenticated attacker to trigger arbitrary DNS lookups and potentially execute remote code.

Impact

Exploitation of this vulnerability could lead to arbitrary DNS lookups and potentially allow for remote code execution.

Remediation

Users can upgrade to Broadcom DX NetOps Spectrum version 25.4.1 or later to address this vulnerability.

Added: Jan 12, 2026, 5:17 AM

Updated: Jan 12, 2026, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Broadcom DX NetOps Spectrum Deserialization Vulnerability Allowing Object Injection

Vulnerability

Impact

Remediation

Affected Products

Broadcom DX NetOps Spectrum

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating