CVE-2025-12679

Name of the Vulnerable Software and Affected Versions Brocade SANnav versions prior to 2.4.0b

Description A flaw exists in Brocade SANnav that results in the Password-Based Encryption (PBE) key being printed in plaintext within the system audit log file. This could allow a remote authenticated attacker with access to the audit logs to obtain the PBE key. The issue is triggered during a migration process and does not affect new installations. Access to the system audit logs is restricted to a privileged user on the server, and these logs are not controlled by SANnav.

Recommendations Update Brocade SANnav to version 2.4.0b or later.