CVE-2025-12679
Unknown Unknown - Not Provided
Plaintext PBE Key Exposure in Brocade SANnav Audit Logs

Publication date: 2026-02-02

Last updated on: 2026-03-03

Assigner: Brocade Communications Systems, LLC

Description
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12679
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
broadcom sannav to 2.4.0b (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Brocade SANnav before version 2.4.0b causes the Password-Based Encryption (PBE) key to be printed in plaintext in the system audit log file during a migration. This means that a remote authenticated attacker who has access to these audit logs could potentially obtain the PBE key. The audit logs are only accessible to privileged users on the server, not to SANnav admins or users.

Impact Analysis

The vulnerability could allow a remote authenticated attacker with access to the audit logs to retrieve the PBE key, potentially compromising encrypted data protected by that key. Since the audit logs are only accessible to privileged server users, the risk is limited to attackers who have such access, but it could lead to unauthorized data access or decryption.

Detection Guidance

This vulnerability can be detected by inspecting the system audit log files on the local server VM for plaintext Password-Based Encryption (PBE) keys. Since the audit logs are accessible only to privileged users on the server, you should review these logs during or after a migration process (as the vulnerability is triggered only during migration). Specific commands depend on the server OS, but generally, you can use commands like 'grep' on Linux to search for PBE keys in audit logs, for example: grep -i 'pbe key' /var/log/audit/audit.log. Note that the logs are local to the server VM and not controlled by SANnav.

Mitigation Strategies

Immediate mitigation steps include restricting access to the system audit logs to only highly trusted privileged users, especially during migration processes. Since the vulnerability exposes the PBE key in plaintext in audit logs, ensure that audit logs are securely stored and access is tightly controlled. Additionally, avoid performing migrations on systems where unauthorized users might have access to audit logs. Upgrading Brocade SANnav to version 2.4.0b or later, where the vulnerability is fixed, is recommended once available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12679. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart