CVE-2025-6392

CWE-532Log File Information Exposure3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 91.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Brocade Sannav
Timeline
PublishedJul 10
Latest updateJul 11

Description

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5broadcom/brocade_sannavBrocade SANnav versions before 2.4.0a

🔴Vulnerability Details

2
GHSA
GHSA-f69j-qx6j-7fq8: Brocade SANnav before Brocade SANnav 22025-07-11
CVEList
Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)2025-07-10
CVE-2025-6392 (MEDIUM CVSS 6.7) | Brocade SANnav before Brocade SANna | cvebase.io