CVE-2025-12679: CWE-312 Cleartext Storage of Sensitive Information in Brocade SANnav
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
AI Analysis
Technical Summary
CVE-2025-12679 is a vulnerability identified in Brocade SANnav, a storage area network management software, affecting versions prior to 2.4.0b. The flaw involves the cleartext storage of the Password-Based Encryption (PBE) key within the system audit log files during migration operations. This key is critical for encrypting sensitive data managed by SANnav. The vulnerability is triggered only during migration, not during new installations. The audit logs containing the plaintext PBE key reside on the local server virtual machine hosting SANnav and are not controlled by SANnav itself. Access to these logs is restricted to privileged users on the host server, typically system administrators with high-level privileges. SANnav administrators or regular users do not have access to these logs. An attacker with remote authenticated access and high privileges on the host server could potentially read these audit logs and extract the PBE key, thereby compromising the confidentiality of encrypted data. The vulnerability does not require user interaction beyond the migration process and does not affect integrity or availability directly. The CVSS 4.0 vector indicates local attack vector, low attack complexity, no attack prerequisites, high impact on confidentiality, and scope and integrity unchanged. No known exploits are currently reported in the wild. The vulnerability underscores the risk of sensitive key material being exposed in logs, which could be leveraged for further attacks or data breaches if server access is compromised.
Potential Impact
For European organizations, the exposure of the PBE key in plaintext within audit logs poses a significant confidentiality risk. Organizations relying on Brocade SANnav for managing critical storage infrastructure could face unauthorized data decryption if an attacker gains privileged access to the host server. This could lead to data breaches involving sensitive or regulated information, impacting compliance with GDPR and other data protection regulations. The vulnerability is particularly concerning for data centers and enterprises with complex storage environments undergoing migrations. While the attack requires high privilege and authenticated access, insider threats or compromised administrative accounts could exploit this vulnerability. The impact is limited to confidentiality; however, the potential for data exposure in highly regulated sectors such as finance, healthcare, and government is substantial. The lack of public exploits reduces immediate risk but does not eliminate the threat, especially in targeted attacks.
Mitigation Recommendations
1. Restrict access to the local server VM audit logs strictly to a minimal set of trusted, privileged administrators, and monitor access logs for suspicious activity.
2. Implement strong access controls and multi-factor authentication for server administrators to reduce the risk of credential compromise.
3. Schedule and carefully control migration activities to limit exposure windows, and ensure audit logs are reviewed and securely archived or purged after migration.
4. Monitor for unusual access patterns or privilege escalations on the host server.
5. Coordinate with Brocade for timely patching or updates addressing this vulnerability once available.
6. Consider encrypting or securing audit logs at the system level to prevent plaintext exposure of sensitive keys.
7. Conduct regular security audits and penetration tests focusing on privileged access and log management.
8. Educate system administrators about the sensitivity of audit logs and enforce strict operational security during migrations.
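One way to carry out the post-migration log review and access check from recommendations 1 and 3, as an added example that is not from Brocade or the original advisory: it flags log lines whose key-like fields hold high-entropy values, redacts them, and checks that the log file is not accessible to group or other. The field-name pattern, the entropy threshold and the sample lines are assumptions, since the advisory does not give the log line format.

```python
import math
import os
import re
import stat
from collections import Counter

# Assumption: the advisory does not give the log line format, so match any
# name=value / name: value pair whose field name mentions "pbe" or "key".
FIELD_RE = re.compile(r'(?i)\b([\w.-]*(?:pbe|key)[\w.-]*)\s*[=:]\s*"?([^\s",;]{8,})')

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def scan_lines(lines, min_entropy=3.5):
    """Return (line_no, field_name) pairs; the value itself is never recorded."""
    return [(no, m.group(1))
            for no, line in enumerate(lines, 1)
            for m in FIELD_RE.finditer(line)
            if entropy(m.group(2)) >= min_entropy]

def redact(line, min_entropy=3.5):
    """Replace suspected key values with a marker, keeping the field name."""
    def repl(m):
        if entropy(m.group(2)) < min_entropy:
            return m.group(0)          # ordinary word, leave untouched
        return m.group(0)[:m.start(2) - m.start(0)] + "[REDACTED]"
    return FIELD_RE.sub(repl, line)

def too_permissive(path):
    """True if group or other has any permission bit set on the log file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed sample lines, not real SANnav or auditd output.
SAMPLE = [
    'type=USER_CMD msg=audit(1700000000.123:45): cmd="systemctl restart example"',
    'type=EXECVE msg=audit(1700000001.456:46): a1="--pbe.key=Zx9Qm2LkT7vB4nRw8sYp"',
    'type=USER_AUTH msg=audit(1700000002.789:47): keyboard=interactive-session',
]

if __name__ == "__main__":
    for no, name in scan_lines(SAMPLE):
        print(f"line {no}: possible key material in field {name!r}")
    print(redact(SAMPLE[1]))
```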
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: brocade
- Date Reserved: 2025-11-03T23:43:20.197Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69813002f9fa50a62f63a035
Added to database: 2/2/2026, 11:15:14 PM
Last enriched: 2/2/2026, 11:45:11 PM
Last updated: 2/4/2026, 4:21:06 AM