CVE-2025-12680

Summary

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password.

Affected Software

VendorProductVersion RangeStatus
BrocadeSANnavbefore Brocade SANnav 2.4.0baffected

Weaknesses

  • CWE-256: CWE-256: Plaintext Storage of a Password
  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References