CVE-2025-12773

MEDIUM

Brocade SANnav <2.4.0a - Info Disclosure

Title source: llm

Description

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.

References (1)

[Various Sources] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36847

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-209

Status published

Affected Products (1)

broadcom/sannav < 2.4.0a

Timeline

Published Feb 03, 2026

Tracked Since Feb 18, 2026