CVE-2025-12679

EUVD-2025-206772

02.02.2026, 23:15

A vulnerability in Brocade SANnav before 2.4.0b prints the 
Password-Based Encryption (PBE) key in plaintext in the system audit log
 file. The vulnerability could allow a remote authenticated attacker 
with access to the audit logs to access the pbe key.

Note: The vulnerability is only triggered during a migration and not 
in a new installation. The system audit logs are accessible only to a 
privileged user on the server.



These audit logs are the local server VM’s audit logs and are not 
controlled by SANnav. These logs are only visible to the server admin of
 the host server and are not visible to the SANnav admin or any SANnav 
user.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-312 - Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36845