CVE-2025-6392
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-08-27

Assigner: Brocade Communications Systems, LLC

Description
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2025-08-27
Generated
2026-05-27
AI Q&A
2025-07-11
EPSS Evaluated
2026-05-25
NVD
CVE-2025-6392
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
broadcom brocade_sannav to 2.4.0a (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Brocade SANnav before version 2.4.0a involves the logging of database passwords in clear text within the local server VM's audit logs. This occurs when the daily data dump collector uses docker exec commands. These logs are accessible only to the server administrator of the host server and are not visible to SANnav administrators or users.


How can this vulnerability impact me? :

The vulnerability could lead to unauthorized access to database passwords if an attacker gains access to the local server VM's audit logs. Since the passwords are stored in clear text, this could compromise the security of the database and potentially the broader system managed by Brocade SANnav.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart