
CVE-2025-12772: CWE-312 Cleartext Storage of Sensitive Information in Brocade SANnav

Severity: High
Published: Mon Feb 02 2026 (02/02/2026, 22:41:13 UTC)
Source: CVE Database V5
Vendor/Project: Brocade
Product: SANnav

Description

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password in the SANnav support save logs. When an OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file, which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privileges who can access the SANnav logs or the supportsave to read the switch admin password.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/10/2026, 10:45:24 UTC

Technical Analysis

CVE-2025-12772 affects Brocade SANnav versions prior to 2.4.0b and involves cleartext storage of sensitive information, specifically the Brocade Fabric OS Switch admin password. The issue arises when the SANnav server hits an out-of-memory (OOM) condition, which triggers the creation of a heap dump file that includes the call stack trace for the Brocade switch. That call stack trace contains the admin password in plaintext. These heap dumps are included in the SANnav support save logs, which users with administrative privileges on the SANnav server can access. An attacker with remote authenticated admin access can retrieve these logs and extract the switch password, potentially gaining unauthorized control over the SAN fabric switches.

The vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information), which covers sensitive credentials stored without protection. The CVSS v4.0 score of 8.5 (high severity) reflects the network attack vector, low attack complexity, no requirement for additional privileges beyond admin, and no user interaction. The impact on confidentiality is high, because the exposed password can lead to further compromise of the storage network. Integrity is also at risk, since an attacker could manipulate SAN switch configurations. The availability impact is not significant.

No patches were linked in the provided data, but upgrading to SANnav 2.4.0b or later is the recommended remediation. No known exploits have been reported in the wild, but the nature of the vulnerability makes it a critical concern for environments that rely on Brocade SANnav for SAN management.

Potential Impact

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of storage area network (SAN) environments managed by Brocade SANnav. Exposure of the Fabric OS Switch admin password can lead to unauthorized access and control over SAN switches, potentially allowing attackers to disrupt storage operations, manipulate data flows, or exfiltrate sensitive data stored on SAN-attached devices. This could impact critical sectors such as finance, healthcare, manufacturing, and government agencies that rely heavily on SAN infrastructure for data storage and availability. The requirement for authenticated admin access limits the attack surface but also highlights the importance of protecting admin credentials and access controls. If an attacker compromises an admin account, they could leverage this vulnerability to escalate privileges and cause widespread disruption. The lack of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score and sensitive nature of the data involved necessitate urgent attention. Organizations with compliance obligations under GDPR must also consider the implications of potential data breaches resulting from this vulnerability.

Mitigation Recommendations

1. Upgrade Brocade SANnav to version 2.4.0b or later, where this vulnerability is addressed.
2. Restrict administrative access to SANnav servers strictly to trusted personnel and enforce strong authentication mechanisms, such as multi-factor authentication (MFA).
3. Regularly audit and monitor access logs to detect any unauthorized or suspicious admin activity on SANnav.
4. Limit the generation and retention of support save logs containing heap dumps; ensure logs are stored securely with restricted access.
5. Implement network segmentation to isolate SAN management interfaces from general network access, reducing exposure to remote attackers.
6. Rotate Fabric OS Switch admin passwords regularly and immediately after any suspected compromise.
7. Educate administrators about the risks of credential exposure and the importance of safeguarding SANnav admin credentials.
8. Consider deploying endpoint detection and response (EDR) solutions on SANnav servers to detect anomalous behavior indicative of exploitation attempts.
9. Establish incident response procedures specifically addressing SAN infrastructure compromise scenarios.
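To decide which retained supportsave archives need purging and whether a rotation (items 4 and 6) is overdue, an administrator can check already-collected files for the current switch password. The script below is an added example, not part of the advisory or of any Brocade tooling: it assumes the supportsave has been extracted to a directory, searches every file for the password as UTF-8 and as UTF-16 (either byte order, since memory dumps often hold strings as wide characters), and runs here on constructed sample files whose names and layout are hypothetical.

```python
import os, tempfile

def needles_for(secret):
    """Byte forms the password can take in text logs and memory dumps."""
    return [("utf-8", secret.encode("utf-8")),
            ("utf-16", secret.encode("utf-16-le")),
            ("utf-16", secret.encode("utf-16-be"))]

def scan_file(path, needles, chunk=1 << 20):
    """Stream a file; return the sorted encodings in which the secret occurs."""
    overlap = max(len(n) for _, n in needles) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            window = tail + block  # carry bytes over so boundary-spanning hits match
            found.update(label for label, n in needles if n in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def audit_tree(root, secret, chunk=1 << 20):
    """Map relative path -> encodings found, for every file under root."""
    needles, hits = needles_for(secret), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if found := scan_file(full, needles, chunk):
                hits[os.path.relpath(full, root).replace(os.sep, "/")] = found
    return hits

def build_sample(root, secret):
    """Constructed stand-in for an extracted supportsave (not the real layout)."""
    samples = {
        "logs/app.log": b"2026-01-01 INFO login user=admin pw=" + secret.encode() + b"\n",
        "dumps/heap.bin": b"\x00\x01HEAP" + ("pw:" + secret).encode("utf-16-be") + b"\xff" * 9,
        "logs/clean.log": b"2026-01-01 INFO nothing sensitive here\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, "Examp1e-Sw1tch!")  # constructed sample password
        for rel, encs in sorted(audit_tree(tmp, "Examp1e-Sw1tch!").items()):
            print(f"EXPOSED {rel}: {', '.join(encs)}")
```

For a real audit, pass the password to `audit_tree` from `getpass.getpass()` rather than a command-line argument, so it does not end up in shell history or process listings.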


Technical Details

Data Version: 5.2
Assigner Short Name: brocade
Date Reserved: 2025-11-05T20:05:22.781Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69813002f9fa50a62f63a03c

Added to database: 2/2/2026, 11:15:14 PM

Last enriched: 2/10/2026, 10:45:24 AM

Last updated: 3/23/2026, 10:10:16 PM
