CVE-2025-12679: Cleartext Storage of Sensitive Info in SANnav

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 99.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 2; latest update Feb 3

Description

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controll

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Affected Packages (2 packages)

CVEListV5: brocade/sannav, SANnav before 2.4.0b
NVD: broadcom/sannav, < 2.4.0b

Vulnerability Details (2)

GHSA: GHSA-33j4-gghf-cv63: A vulnerability in Brocade SANnav before 2 (2026-02-03)
CVEList: Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0 (2026-02-02)