CVE-2025-12774 Overview
A vulnerability exists in the migration script for Brocade SANnav before version 3.0 that could allow the collection of database SQL queries in the SANnav support save file. An attacker with access to the Brocade SANnav supportsave file could open the file and obtain sensitive information such as details of database tables and encrypted passwords.
Critical Impact
Sensitive database information including table structures and encrypted credentials may be exposed through improperly secured support save files.
Affected Products
- Brocade SANnav versions prior to 3.0
Discovery Timeline
- 2026-02-03 - CVE CVE-2025-12774 published to NVD
- 2026-02-03 - Last updated in NVD database
Technical Details for CVE-2025-12774
Vulnerability Analysis
This vulnerability falls under CWE-312 (Cleartext Storage of Sensitive Information). The migration script in Brocade SANnav fails to properly sanitize or exclude sensitive database queries when generating support save files. These diagnostic files, intended for troubleshooting purposes, inadvertently capture SQL queries that reveal internal database structure and encrypted password data.
The local attack vector means an adversary requires existing access to the system or the support save file itself. While the encrypted passwords provide some protection, the exposure of database schema information combined with encrypted credentials creates an opportunity for offline attacks and system reconnaissance.
Root Cause
The root cause stems from insufficient filtering in the migration script's data collection routine. When the SANnav support save functionality generates diagnostic bundles, the migration script fails to exclude sensitive SQL query logs from the collected data. This results in database queries—including those that handle authentication data—being written to the support save file in a format that can be read by anyone with file access.
Attack Vector
The attack requires local access to the Brocade SANnav system or to a support save file that has been exported from the system. An attacker who obtains access to these diagnostic files can extract sensitive information by simply opening and reading the contents. The exposure could occur through:
- Direct access to systems where support save files are stored
- Interception of support files during transmission to Broadcom support
- Improper disposal or sharing of diagnostic bundles
- Insider threats with legitimate system access
The vulnerability does not require exploitation code—the sensitive data is directly readable within the support save file once access is obtained.
Detection Methods for CVE-2025-12774
Indicators of Compromise
- Unauthorized access to SANnav support save files (typically with .supportsave extension)
- Unusual file access patterns to diagnostic data directories
- Export or transfer of support save files to unexpected destinations
- Evidence of support save file contents being extracted or parsed
Detection Strategies
- Monitor file access logs for support save file directories
- Implement file integrity monitoring on diagnostic output locations
- Alert on support save file exports outside of normal maintenance windows
- Track user access to SANnav administrative functions that generate diagnostic bundles
Monitoring Recommendations
- Enable comprehensive audit logging for SANnav administrative operations
- Configure SIEM rules to detect bulk file access or export of diagnostic data
- Implement data loss prevention (DLP) controls for files containing database information
- Review access logs regularly for any anomalous patterns around support file generation
How to Mitigate CVE-2025-12774
Immediate Actions Required
- Upgrade Brocade SANnav to version 3.0 or later
- Restrict access to existing support save files to authorized personnel only
- Review and securely dispose of any previously generated support save files that may contain sensitive data
- Implement strict access controls on systems where support save files are stored
Patch Information
Broadcom has addressed this vulnerability in Brocade SANnav version 3.0. Administrators should upgrade to version 3.0 or later to remediate this issue. For detailed patch information and upgrade guidance, refer to the Broadcom Security Advisory #36848.
Workarounds
- Limit support save file generation to essential troubleshooting scenarios only
- Implement strict file permissions on support save output directories
- Encrypt support save files before storage or transmission
- Establish secure channels for sharing diagnostic data with vendor support
- Consider manual sanitization of support files before sharing externally
# Restrict access to SANnav support save directory
chmod 700 /opt/sannav/support/
chown sannav_admin:sannav_admin /opt/sannav/support/
# Review existing support save files
find /opt/sannav/ -name "*.supportsave" -type f -exec ls -la {} \;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
