Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
CVE Vulnerability Database
Vulnerability Database/CVE-2025-12773

CVE-2025-12773: Brocade SANnav Information Disclosure

CVE-2025-12773 is an information disclosure vulnerability in Brocade SANnav that exposes database passwords in audit logs. This article covers the technical details, affected versions, security impact, and mitigation.

Published:

CVE-2025-12773 Overview

A sensitive information disclosure vulnerability exists in Brocade SANnav versions prior to 2.4.0a. The vulnerability resides in the update-reports-purge-settings.sh script, which improperly logs the SANnav database password to system audit logs. This information disclosure flaw allows a remote authenticated attacker with access to audit logs to retrieve the database credentials, potentially leading to unauthorized database access and further compromise of the SANnav management infrastructure.

Critical Impact

Database credentials exposed in audit logs can enable attackers with log access to gain unauthorized access to the Brocade SANnav database, potentially compromising storage area network management data and configurations.

Affected Products

  • Brocade SANnav versions before 2.4.0a
  • Systems running the update-reports-purge-settings.sh script with audit logging enabled

Discovery Timeline

  • 2026-02-03 - CVE-2025-12773 published to NVD
  • 2026-02-03 - Last updated in NVD database

Technical Details for CVE-2025-12773

Vulnerability Analysis

This vulnerability is classified under CWE-209 (Generation of Error Message Containing Sensitive Information). The core issue stems from improper handling of sensitive credentials within the update-reports-purge-settings.sh script. When the script executes, it inadvertently writes the SANnav database password to system audit logs in a manner that makes it accessible to users with audit log read permissions.

The attack requires local access and high privileges, along with some user interaction. However, once an attacker gains access to the audit logs, they can extract the database password and use it to connect directly to the SANnav database. This could expose sensitive SAN configuration data, fabric information, and potentially allow modification of network management settings.

Root Cause

The vulnerability stems from insufficient sanitization of sensitive data before logging. The update-reports-purge-settings.sh script fails to mask or redact database credentials when writing to audit logs. This represents a common secure coding oversight where logging mechanisms capture more information than intended, including credentials that should never be persisted in plaintext form in any log file.

Attack Vector

The attack requires local access to the system running Brocade SANnav. An attacker must first obtain authenticated access to the system with sufficient privileges to read audit logs. Once audit log access is obtained, the attacker can search for entries generated by the update-reports-purge-settings.sh script to locate the exposed database password.

The attack flow involves:

  1. Gaining authenticated access to a system running vulnerable SANnav versions
  2. Accessing system audit logs (requires appropriate privileges)
  3. Searching log entries for database credential exposure
  4. Using extracted credentials to access the SANnav database directly

Detection Methods for CVE-2025-12773

Indicators of Compromise

  • Unusual or unauthorized access to system audit log files
  • Database authentication attempts from unexpected sources or IP addresses
  • Multiple failed or successful database login attempts outside normal operational patterns
  • Evidence of audit log file access by non-administrative users

Detection Strategies

  • Monitor audit log file access patterns for anomalous reads or bulk exports
  • Implement alerts for database authentication from non-standard application sources
  • Review access control logs for unauthorized attempts to read audit logs
  • Deploy file integrity monitoring on audit log directories

Monitoring Recommendations

  • Enable detailed logging of audit log file access events
  • Configure SIEM rules to detect patterns consistent with credential harvesting from logs
  • Monitor for direct database connections that bypass the SANnav application layer
  • Implement user behavior analytics for privileged accounts with audit log access

How to Mitigate CVE-2025-12773

Immediate Actions Required

  • Upgrade Brocade SANnav to version 2.4.0a or later immediately
  • Review existing audit logs for potential credential exposure and rotate database passwords
  • Restrict access to audit log files to essential personnel only
  • Audit user accounts with audit log access permissions

Patch Information

Broadcom has released a fix in Brocade SANnav version 2.4.0a. Organizations should prioritize upgrading to this version or later to remediate this vulnerability. Refer to the Broadcom Security Advisory for detailed upgrade instructions and additional security guidance.

Workarounds

  • Implement strict access controls on audit log files, limiting read access to only essential security personnel
  • If possible, disable audit logging for the update-reports-purge-settings.sh script until patching is complete
  • Rotate database credentials after reviewing audit logs for potential exposure
  • Consider segmenting SANnav management systems to limit the impact of credential compromise
bash
# Restrict audit log permissions (temporary mitigation)
chmod 600 /var/log/audit/*
chown root:root /var/log/audit/*
# Review audit log access (identify potential exposure)
ausearch -k audit-log-access --start today

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne