CVE-2025-10847
📋 TL;DR
DX Unified Infrastructure Management (Nimsoft/UIM) has an improper ACL handling vulnerability in its robot controller component that allows remote attackers to execute commands, read from, or write to the target system. This affects all organizations running vulnerable versions of DX UIM/Nimsoft.
💻 Affected Systems
- DX Unified Infrastructure Management
- Nimsoft UIM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with remote code execution leading to data theft, ransomware deployment, or complete system takeover.
Likely Case
Unauthorized command execution allowing attackers to install malware, exfiltrate sensitive data, or pivot to other systems.
If Mitigated
Limited impact if proper network segmentation and access controls prevent exploitation attempts.
🎯 Exploit Status
The vulnerability allows remote exploitation without authentication, making it relatively easy to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Broadcom advisory for specific patched versions
Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36180
Restart Required: Yes
Instructions:
1. Review the Broadcom advisory for patched versions.
2. Download and apply the latest security patch from Broadcom support.
3. Restart affected UIM services.
4. Verify the patch is applied successfully.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to UIM robot controller ports
Use firewall rules to block external access to UIM ports (default 48000-48010)
Access Control Lists
Implement strict ACLs to limit which systems can communicate with UIM controllers
Configure network ACLs to allow only trusted management systems
🧯 If You Can't Patch
- Isolate vulnerable systems in a separate network segment with strict access controls
- Implement application-level firewalls to monitor and block suspicious commands to UIM controllers
🔍 How to Verify
Check if Vulnerable:
Check UIM version against Broadcom advisory and verify if robot controller is accessible from untrusted networks
Check Version:
On UIM server: nimsoft\bin\controller.exe -v (Windows) or /opt/nimsoft/bin/controller -v (Linux)
Verify Fix Applied:
Verify UIM version is updated to patched version and test that remote command execution is no longer possible
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in UIM logs
- Unauthorized access attempts to robot controller
- Suspicious process creation from UIM components
Network Indicators:
- Unexpected connections to UIM robot controller ports (48000-48010)
- Command and control traffic from UIM systems
SIEM Query:
source="uim_logs" AND (event="command_execution" OR event="unauthorized_access")
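The log and network indicators above can be turned into a small triage script. The following is an added example, not code from the page or from DX UIM: it parses constructed log lines in a hypothetical "key=value" layout (the real controller log format is not given here and must be adapted), flags unauthorized_access events and command_execution events from hosts outside a trusted-management allowlist, and checks connection tuples against the default controller port range 48000-48010. The allowlist and the sample lines are constructed values.

```python
"""Added example: triage constructed UIM-style log lines and connection records.

The line layout, the allowlist and the sample data are assumptions made for
illustration; adapt parse_line() to the real controller log format.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample log lines (hypothetical format: ts level component src= event= rest)
SAMPLE_LOG = """\
2025-01-10 09:00:01 INFO controller src=10.0.0.5 event=command_execution cmd="get_info"
2025-01-10 09:00:07 WARN controller src=203.0.113.9 event=unauthorized_access probe=text_file_get
2025-01-10 09:01:12 INFO controller src=198.51.100.4 event=command_execution cmd="text_file_put"
2025-01-10 09:02:00 INFO hub src=10.0.0.5 event=heartbeat
not a log line at all
"""

# Constructed allowlist of management hosts permitted to drive the controller.
TRUSTED_SOURCES = {"10.0.0.5"}

# Default robot controller port range named in the advisory (inclusive).
UIM_PORTS = range(48000, 48011)

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+) (?P<component>\w+) "
    r"src=(?P<src>\S+) event=(?P<event>\w+)(?P<rest>.*)$"
)


@dataclass
class Finding:
    ts: str
    src: str
    event: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(lines: Iterable[str], trusted=TRUSTED_SOURCES) -> List[Finding]:
    """Mirror the SIEM query: unauthorized_access, or command_execution from an untrusted host."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped rather than treated as findings
        ev = rec["event"]
        if ev == "unauthorized_access":
            findings.append(Finding(rec["ts"], rec["src"], ev, "controller rejected access"))
        elif ev == "command_execution" and rec["src"] not in trusted:
            findings.append(Finding(rec["ts"], rec["src"], ev, "command from untrusted source"))
    return findings


def is_suspicious_connection(src: str, dst_port: int, trusted=TRUSTED_SOURCES) -> bool:
    """Network indicator: a connection to a controller port from outside the allowlist."""
    return dst_port in UIM_PORTS and src not in trusted


def triage_connections(conns: Iterable[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Filter (src, dst_port) tuples down to the ones worth an analyst's attention."""
    return [c for c in conns if is_suspicious_connection(*c)]


if __name__ == "__main__":
    for f in evaluate(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} {f.src} {f.event}: {f.reason}")
    # Constructed connection records: (source address, destination port)
    for src, port in triage_connections([("203.0.113.9", 48002), ("10.0.0.5", 48002), ("203.0.113.9", 443)]):
        print(f"suspicious connection from {src} to port {port}")
```

Feed the real controller log through parse_line() once its layout is known; the two predicates stay the same. Keeping the allowlist explicit makes the "trusted management systems" from the ACL workaround the same set that drives detection.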