CVE-2025-12772
BaseFortify
Publication date: 2026-02-02
Last updated on: 2026-02-09
Assigner: Brocade Communications Systems, LLC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| broadcom | sannav | up to 2.4.0b (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Brocade SANnav before version 2.4.0b, where the Brocade Fabric OS Switch admin password is logged in clear text within the SANnav support save logs. When an out-of-memory (OOM) event happens on a Brocade SANnav server, the call stack trace for the Brocade switch is collected in a heap dump file, which contains the switch admin password in clear text. A remote authenticated attacker with admin privileges could access these logs or support save files to read the switch admin password.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of the Brocade Fabric OS Switch admin password if an attacker with admin privileges accesses the SANnav logs or support save files. This could allow the attacker to gain further unauthorized access or control over the Brocade switch, potentially compromising the security and operation of the storage area network.