CVE-2025-12773 | THREATINT

Description

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.

PUBLISHED Reserved 2025-11-05 | Published 2026-02-03 | Updated 2026-02-03 | Assigner brocade

HIGH: 7.1CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-209 Generation of Error Message Containing Sensitive Information

Product status

Default status

unaffected

before 2.4.0a

affected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36847

cve.org (CVE-2025-12773)

nvd.nist.gov (CVE-2025-12773)

Download JSON