
Positive Technologies helps fix vulnerabilities in Broadcom network adapter firmware

Broadcom network adapters are widely used to connect servers and other data center equipment

Alexey Kovrizhnykh of Positive Labs, a research team at Positive Technologies specializing in hardware and software security, helped Broadcom remediate two vulnerabilities in the firmware of its high-speed network adapters used in servers and data centers. Successful exploitation could disrupt business operations and lead to the compromise of employee, customer, and partner data. Broadcom added Alexey Kovrizhnykh to its Hall of Fame, acknowledging his contribution and thanking him for the research.

Broadcom is a leading semiconductor manufacturer and currently the seventh most valuable company in the world. Organizations rely on its products to build high-performance systems for workloads such as machine learning and data analytics.
 

The first vulnerability, tracked as PT-2025-17¹ (CVE-2025-56548, BDU:2025-01796), carries a CVSS 4.0 score of 4.6 out of 10. The second vulnerability, tracked as PT-2025-19 (CVE-2025-56547, BDU:2025-01825), scored 8.2 on the CVSS scale and has two exploitation vectors. The vulnerabilities affect firmware version 231.1.162.1 of Broadcom NetXtreme-E network adapters. Successful exploitation could disrupt services for cloud providers, data centers, and enterprise customers using the impacted hardware, and could result in the theft of employee, customer, and partner data. This could lead to financial losses and reputational damage.

Broadcom was notified of the threat under a responsible disclosure policy and has released a firmware update. Users should upgrade to the latest version as soon as possible and follow the vendor's direct guidance. For additional protection, enable all available security features in the network adapter's configuration.
 

1 The security vulnerabilities have been registered on the dbugs portal, which aggregates data on vulnerabilities in software and hardware from vendors around the world.

Exploitation would require the attacker to run code from a virtual machine² on a server equipped with a vulnerable network adapter. Access to such a VM could be obtained by compromising the host or by legitimately renting the required compute resources.

2 A software-based emulation of a physical computer.

"Modern enterprise IT is built on virtualization. Multiple services—for example, a corporate website, an internal portal, and an ERP system—can run on a single physical server while remaining isolated³ in separate virtual machines. Cloud providers likewise deliver resources to different customers as VMs that share the same underlying hardware. If attackers could execute arbitrary code and exploit PT-2025-19, they could potentially perform a VM Escape attack⁴ and gain full access to any virtual machine on a server equipped with the vulnerable network adapter. That, in turn, could enable theft of data processed on those VMs, including credentials and personal information belonging to employees, partners, and customers."

Alexey Usanov, Head of Hardware Security (Positive Labs) at Positive Technologies

Exploiting PT-2025-19 could also trigger a denial of service (DoS) in the network adapter, cutting off network connectivity for all virtual machines on the affected server. This could disrupt industrial processes and operational workflows and erode customer trust. 

Organizations can identify and block potential attacker paths to mission-critical systems—and eliminate opportunities to exploit discovered vulnerabilities—using an attack-path modeling and proactive cyberthreat management solution such as MaxPatrol Carbon.

For up-to-date security information, visit the dbugs portal, which aggregates vulnerability data and vendor recommendations for software and hardware from vendors around the world.

3 Isolation (separating services from each other) helps protect an organization's IT infrastructure if any single component is compromised.

4 An attack where a threat actor escapes the isolation boundary of a virtual machine and gains access to the physical server's operating system or to other virtual machines hosted on it.
