CVE-2025-2327
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-06-16
Last updated on: 2025-06-17
Assigner: Pure Storage, Inc.
Description
Description
A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in FlashArray where the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. This means sensitive encryption keys may be exposed in logs.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of the Key Encryption Key (KEK) through logs, potentially allowing unauthorized access to encrypted data if the logs are accessed by malicious actors.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70