CVE-2025-7397

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 95.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Brocade AscgBroadcom Brocade Ascg
Timeline
PublishedJul 17
Latest updateJul 18

Description

A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:N/SA:N

Affected Packages2 packages

NVDbrocade/ascg< 3.3.0
CVEListV5broadcom/brocade_ascgbefore 3.3.0

🔴Vulnerability Details

2
GHSA
GHSA-85v8-mqqr-6qh5: A vulnerability in the ascgshell, of Brocade ASCG before 32025-07-18
CVEList
CLI history displays inline passwords2025-07-17
CVE-2025-7397 (MEDIUM CVSS 6.8) | A vulnerability in the ascgshell | cvebase.io