CVE-2025-12773
Unknown Unknown - Not Provided
Sensitive Information Exposure in Brocade SANnav Script Logging

Publication date: 2026-02-03

Last updated on: 2026-03-03

Assigner: Brocade Communications Systems, LLC

Description
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs.Β The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12773
EUVD
EUVD-2025-206663
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
broadcom sannav to 2.4.0a (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability involves the logging of the SANnav database password in system audit logs, which could be accessed by a remote authenticated attacker. Exposure of sensitive credentials in logs can lead to unauthorized access to protected data.

Such exposure may impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive information and proper access controls to prevent unauthorized disclosure.

Therefore, this vulnerability could lead to non-compliance with these regulations due to inadequate protection of sensitive credentials and potential unauthorized access.

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

This vulnerability exists in the update-reports-purge-settings.sh script logging for Brocade SANnav versions before 2.4.0a. It could cause the SANnav database password to be recorded in the system audit logs. A remote authenticated attacker who can access these audit logs could then obtain the database password.

Impact Analysis

The vulnerability could allow a remote authenticated attacker with access to the audit logs to retrieve the Brocade SANnav database password. This could lead to unauthorized access to the SANnav database, potentially compromising sensitive data or system integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12773. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart