CVE-2025-12772 is a vulnerability classified under CWE-312 (Cleartext Storage of Sensitive Information) affecting Brocade SANnav versions prior to 2.4.0b. The issue arises because SANnav logs the Brocade Fabric OS switch admin password in cleartext within support save logs and heap dump files generated during out-of-memory (OOM) events. Specifically, when an OOM occurs on the SANnav server, the call stack trace for the Brocade switch is collected in a heap dump file, which inadvertently contains the switch admin password in cleartext. This sensitive information exposure allows a remote attacker who already has authenticated admin privileges on the SANnav system to access these logs or support save files and extract the switch admin password. The vulnerability does not require additional authentication beyond admin access to SANnav but does require some user interaction (UI:P). The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no additional privileges required beyond admin (PR:L), and high impact on confidentiality (VC:H), with no impact on integrity or availability. The scope is high, indicating that the vulnerability affects components beyond the immediate SANnav application. This vulnerability could lead to further compromise of the SAN fabric by exposing critical credentials, potentially allowing attackers to manipulate or disrupt storage networking infrastructure. No known exploits are reported in the wild yet. The vulnerability was published on February 2, 2026, and no official patches are listed, though upgrading to version 2.4.0b or later is implied as a fix.

For European organizations, especially those operating large-scale enterprise data centers or cloud infrastructure relying on Brocade SAN switches managed via SANnav, this vulnerability poses a significant risk. Exposure of the Fabric OS switch admin password compromises the confidentiality of critical credentials, potentially enabling attackers to gain unauthorized control over SAN switches. This could lead to unauthorized configuration changes, data interception, or disruption of storage availability. Given the central role of SAN fabrics in data storage and backup, such compromise could impact data integrity and availability indirectly. The requirement for authenticated admin access to SANnav limits the attack surface but insider threats or compromised admin accounts could exploit this vulnerability. Organizations in sectors with high data sensitivity such as finance, healthcare, and government are particularly at risk. The vulnerability also raises compliance concerns under GDPR due to potential unauthorized access to sensitive infrastructure credentials. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once the vulnerability is public.

1. Upgrade SANnav to version 2.4.0b or later where this vulnerability is addressed. 2. Restrict administrative access to SANnav servers and logs strictly to trusted personnel using strong authentication and role-based access controls. 3. Monitor SANnav servers for out-of-memory (OOM) events and investigate heap dump files for sensitive information leakage. 4. Secure storage and transmission of SANnav support save logs and heap dumps by encrypting these files and limiting access. 5. Implement network segmentation to isolate SAN management interfaces from general network access, reducing exposure. 6. Regularly audit SANnav logs and support files for unauthorized access attempts. 7. Educate administrators about the risks of storing sensitive credentials in logs and encourage secure password management practices. 8. Consider deploying intrusion detection systems to alert on suspicious access patterns to SANnav logs or support files. 9. If upgrading immediately is not possible, consider disabling or limiting support save log generation during OOM conditions as a temporary workaround.