Broadcom DX NetOps Spectrum 24.3.8-: Info Exposure via GET Query Strings
CVE-2025-69270 Published on January 12, 2026
Spectrum session token in URL
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Weakness Type
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that requests. The query string can be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.
Products Associated with CVE-2025-69270
Want to know whenever a new CVE is published for Broadcom Dx Netops Spectrum? stack.watch will email you.
Affected Versions
Broadcom DX NetOps Spectrum:- Version 24.3.8 and earlier is affected.
- Version 24.3.9 and later is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.