CVE-2025-10847: Vulnerability in Broadcom Unified Infrastructure Management
DX Unified Infrastructure Management (Nimsoft/UIM) 23.4.5 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
AI Analysis
Technical Summary
CVE-2025-10847 affects Broadcom DX Unified Infrastructure Management (UIM, formerly Nimsoft), version 23.4.5 and earlier. The flaw is in the robot (controller) component, the agent installed on every monitored host, which enforces Access Control Lists (ACLs) on the requests it accepts. Because those ACLs are handled improperly, a remote attacker can bypass the intended restrictions, execute commands on the host, and read from or write to its file system, which ranges from data exposure to unauthorized modification or destruction of data and full compromise of the monitored host. The CVSS 4.0 base score is 8.4 (High): network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity and availability of the vulnerable system, with no impact scored on subsequent systems (CVSS 4.0 has no scope metric; this is the subsequent-system metrics rated none). Attack complexity is rated high, so exploitation depends on specific conditions or expertise rather than a single trivial request. The weakness is classified as CWE-284 (Improper Access Control). No exploitation in the wild had been reported at the time of this analysis. Because a robot runs on each host that UIM monitors, a robot-level compromise is not confined to the UIM management servers but extends to the monitored fleet, which is why this vulnerability matters beyond the UIM deployment itself.
Potential Impact
An unauthenticated remote attacker who can reach a vulnerable robot can execute commands on the host and read or modify files on it, which amounts to full compromise of that system. Because robots are deployed on the servers UIM monitors, a compromised robot gives the attacker a foothold on a production host, access to whatever that host holds, and a position from which to move laterally; control of the robot also allows the monitoring data it collects to be suppressed or falsified. The impact therefore covers confidentiality, integrity and availability of the monitored estate as well as of the UIM management tier, with the associated business-continuity and regulatory consequences. The high attack-complexity rating means exploitation needs specific conditions or expertise, but since no credentials are required the practical barrier is mostly network reachability of the robot's listener; where that is not filtered, the risk is high. No exploitation in the wild had been reported when this analysis was written, which lowers the immediate urgency without removing it, since exploit development commonly follows disclosure. Sectors with large UIM deployments, such as telecommunications, finance, government and large enterprises, would see the greatest operational and reputational damage if it were exploited.
Mitigation Recommendations
1. Apply the fix Broadcom provides for the robot (controller) component as soon as it is available; consult the Broadcom support advisory for this CVE for the fixed release, and upgrade the robot on every monitored host, not only on the hubs and the primary server.
2. Until every robot is patched, restrict network access to the robot's listener (by default the controller listens on TCP 48000, with the robot's other probes on the ports immediately above it) so that only the managing hub(s) and administrative consoles can connect. Verify the actual ports in your deployment before writing the rules.
3. Segment the UIM tier (primary server, hubs and the robots' management interfaces) from general user and internet-facing networks, so that a remote attacker cannot reach a robot port at all.
4. Monitor robot hosts for unexpected command execution, new or modified files under the UIM installation directory, and controller connections from addresses other than the known hubs; the robot's own logs and host-level process and file auditing are the places to look.
5. Include UIM deployments in regular security assessments and penetration tests, checking specifically which networks can reach robot ports and which UIM ACLs grant command execution or file access.
6. Apply least privilege to the accounts, probes and ACLs defined within UIM itself, so that a bypass of one ACL yields as little as possible.
7. Brief IT and security teams on this vulnerability so that exploitation attempts against robots are recognised and escalated quickly.
8. Deploy IDS/IPS signatures or heuristics for anomalous traffic to the robot ports once they become available.
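Mitigation steps 1 and 2 both depend on knowing which robots are still in the affected range and which of those are reachable from outside the management networks. The script below is an added example, not code from the page or from Broadcom, showing how to triage a robot inventory for that. The inventory, the management networks and the `reachable_from` data are constructed for illustration (in practice they would come from the hub's robot list and firewall policy), and the default controller port of TCP 48000 is an assumption to verify locally. Version comparison is done numerically rather than as strings, because older robots carry numbers such as 9.38 that sort after 23.4.5 lexically but are still in the affected range.

```python
"""Triage UIM robots against CVE-2025-10847 ("23.4.5 and below").

Added example, not part of the original advisory. The inventory and the
management networks below are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_network

LAST_VULNERABLE = "23.4.5"        # advisory wording: 23.4.5 and below
ROBOT_CONTROLLER_PORT = 48000     # UIM default; assumption, verify in your deployment

# Constructed: networks where the managing hubs and admin consoles live.
MANAGEMENT_NETS = [ip_network("10.50.0.0/24"), ip_network("10.50.1.0/24")]


@dataclass
class Robot:
    host: str
    version: str
    # Networks from which the controller port is currently reachable
    # (constructed; would come from firewall policy or a port scan).
    reachable_from: list = field(default_factory=list)


def parse_version(text):
    """Turn '23.4.5' into (23, 4, 5); non-numeric suffixes on a piece are dropped."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version):
    """True when version <= 23.4.5, padding so that '23.4' compares as 23.4.0."""
    a, b = parse_version(version), parse_version(LAST_VULNERABLE)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))


def exposed_networks(robot):
    """Networks that can reach the controller port but are not management networks."""
    exposed = []
    for cidr in robot.reachable_from:
        net = ip_network(cidr)
        if not any(net.subnet_of(mgmt) for mgmt in MANAGEMENT_NETS):
            exposed.append(cidr)
    return exposed


def triage(robots):
    """Map host -> 'patch-now' (vulnerable and exposed), 'patch' (vulnerable), or 'ok'."""
    result = {}
    for r in robots:
        if not is_vulnerable(r.version):
            result[r.host] = "ok"
        elif exposed_networks(r):
            result[r.host] = "patch-now"
        else:
            result[r.host] = "patch"
    return result


# Constructed inventory for the worked example.
INVENTORY = [
    Robot("db01", "23.4.5", ["10.50.0.0/24"]),    # affected, management-only access
    Robot("web07", "23.4.4", ["0.0.0.0/0"]),      # affected, reachable from anywhere
    Robot("legacy3", "9.38", ["10.20.0.0/16"]),   # old numbering, still affected
    Robot("app12", "23.4.6", ["0.0.0.0/0"]),      # outside the stated affected range
]

if __name__ == "__main__":
    for host, priority in triage(INVENTORY).items():
        robot = next(r for r in INVENTORY if r.host == host)
        print(f"{host:8} v{robot.version:8} {priority:10} "
              f"tcp/{ROBOT_CONTROLLER_PORT} exposed from: {exposed_networks(robot) or '-'}")
```

Hosts marked "patch-now" are the ones where step 2's firewall rule should be applied the same day the patch is scheduled; "ok" hosts with a wide-open controller port (app12 above) are still worth closing under step 3, since an unfiltered management agent port is a weakness independent of this CVE.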
Affected Countries
United States, Germany, United Kingdom, Japan, Australia, Canada, France, South Korea, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: symantec
- Date Reserved: 2025-09-22T05:46:46.329Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68dd07a25471b4f5afeb8f05
Added to database: 10/1/2025, 10:51:14 AM
Last enriched: 2/26/2026, 10:10:16 PM
Last updated: 3/26/2026, 3:03:48 AM