CVE-2025-12679

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-12679
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36845 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:sannav:*:*:*:*:*:*:*:*
History

03 Mar 2026, 01:05

Type Values Removed Values Added
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36845 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36845 - Vendor Advisory
Summary
  • (es) Una vulnerabilidad en Brocade SANnav anterior a 2.4.0b imprime la clave de Cifrado Basado en Contraseña (PBE) en texto plano en el archivo de registro de auditoría del sistema. La vulnerabilidad podría permitir a un atacante remoto autenticado con acceso a los registros de auditoría acceder a la clave PBE. Nota: La vulnerabilidad solo se activa durante una migración y no en una nueva instalación. Los registros de auditoría del sistema son accesibles solo para un usuario privilegiado en el servidor. Estos registros de auditoría son los registros de auditoría de la VM del servidor local y no están controlados por SANnav. Estos registros solo son visibles para el administrador del servidor del servidor anfitrión y no son visibles para el administrador de SANnav ni para ningún usuario de SANnav.
First Time Broadcom
Broadcom sannav
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:broadcom:sannav:*:*:*:*:*:*:*:*

02 Feb 2026, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-02 23:15

Updated : 2026-03-03 01:05

NVD link : CVE-2025-12679

Mitre link : CVE-2025-12679

CVE.ORG link : CVE-2025-12679

JSON object : View

Products Affected

broadcom

  • sannav
CWE
CWE-312

Cleartext Storage of Sensitive Information