CVE-2025-12772 | THREATINT

Description

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the switch admin password.

PUBLISHED Reserved 2025-11-05 | Published 2026-02-02 | Updated 2026-02-04 | Assigner brocade

HIGH: 8.5CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

before 2.4.0b

affected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36846

cve.org (CVE-2025-12772)

nvd.nist.gov (CVE-2025-12772)

Download JSON