CVE-2025-1053

CWE-532Log File Information ExposureCWE-12953 documents3 sources
Severity
8.6HIGH
EPSS
0.2%
top 61.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Brocade Sannav
Timeline
PublishedFeb 14

Description

Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages2 packages

CVEListV5brocade/brocade_sannavBrocade SANnav before 2.3.1b

🔴Vulnerability Details

2
GHSA
GHSA-jx64-r67p-6v8c: Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav su2025-02-14
CVEList
Brocade SANnav encryption key is logged in the debug logs2025-02-14
CVE-2025-1053 (HIGH CVSS 8.6) | Under certain error conditions at t | cvebase.io