CVE-2025-2327

Summary

A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.

Affected Software

VendorProductVersion RangeStatus
Pure StorageFlashArray6.0.0 <= 6.0.9affected
Pure StorageFlashArray6.1.0 <= 6.1.25affected
Pure StorageFlashArray6.2.0 <= 6.2.17affected
Pure StorageFlashArray6.3.0 <= 6.3.21affected
Pure StorageFlashArray6.4.0 <= 6.4.10affected
Pure StorageFlashArray6.5.0 <= 6.5.10affected
Pure StorageFlashArray6.6.0 <= 6.6.11affected
Pure StorageFlashArray6.7.0 <= 6.7.3affected
Pure StorageFlashArray6.8.0 <= 6.8.5affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References