CVE-2025-12772
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-12772, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-02

Last updated on: 2026-02-09

Assigner: Brocade Communications Systems, LLC

Description

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the switch admin password.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-02
Last Modified
2026-02-09
Generated
2026-07-06
AI Q&A
2026-02-03
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
broadcom sannav to 2.4.0b (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in Brocade SANnav before version 2.4.0b, where the Brocade Fabric OS Switch admin password is logged in clear text within the SANnav support save logs. When an out-of-memory (OOM) event happens on a Brocade SANnav server, the call stack trace for the Brocade switch is collected in a heap dump file, which contains the switch admin password in clear text. A remote authenticated attacker with admin privileges could access these logs or support save files to read the switch admin password.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of the Brocade Fabric OS Switch admin password if an attacker with admin privileges accesses the SANnav logs or support save files. This could allow the attacker to gain further unauthorized access or control over the Brocade switch, potentially compromising the security and operation of the storage area network.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12772. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart