CVE-2025-12773: CWE-209 Generation of Error Message Containing Sensitive Information in Brocade SANnav
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of the SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.
AI Analysis
Technical Summary
CVE-2025-12773 is a vulnerability in Brocade SANnav, a storage area network management product, affecting versions before 2.4.0a. The flaw resides in the update-reports-purge-settings.sh script, whose logging writes sensitive information, including the SANnav database password, into the system audit logs. This is a classic example of CWE-209, where error messages or logs inadvertently expose sensitive data. The vulnerability allows a remote attacker who is authenticated with high privileges and has access to the audit logs to retrieve the database password. The CVSS 4.0 score of 7.1 reflects high severity: the attack vector is local (AV:L), attack complexity is low (AC:L), and there are no attack requirements (AT:N), but exploitation requires privileged access (PR:H) and passive user interaction (UI:P). The vulnerability impacts confidentiality critically, as the database password exposure can lead to unauthorized access to SANnav's database, potentially compromising the entire SAN management environment. It does not affect integrity or availability directly but could be leveraged for further attacks. No public exploits are known, but the sensitive nature of the exposed data makes this a significant risk. The vulnerability was reserved in November 2025 and published in February 2026, indicating recent discovery and disclosure. Brocade SANnav is widely used in enterprise SAN environments to manage storage networks, making this vulnerability relevant for organizations relying on Brocade's storage solutions.
Potential Impact
For European organizations, the exposure of the SANnav database password could lead to unauthorized access to critical storage management systems, risking data confidentiality and potentially enabling attackers to manipulate or disrupt storage operations. This could affect sectors with heavy reliance on SAN infrastructure, such as finance, telecommunications, healthcare, and government agencies. The breach of storage management credentials could facilitate lateral movement within networks, data exfiltration, or sabotage of storage configurations, impacting business continuity and regulatory compliance (e.g., GDPR). Given the high privileges required to exploit the vulnerability, insider threats or compromised administrative accounts pose the greatest risk. The impact is heightened in environments where audit logs are not adequately protected or monitored, increasing the likelihood of credential theft. Additionally, the lack of known exploits does not diminish the urgency, as attackers could develop tools to leverage this vulnerability once disclosed.
Mitigation Recommendations
Organizations should immediately upgrade Brocade SANnav to version 2.4.0a or later, where this vulnerability is addressed. Until patching is possible, restrict access to system audit logs strictly to trusted administrators and implement robust access controls and monitoring on these logs to detect unauthorized access attempts. Review and harden logging configurations to avoid sensitive data exposure. Employ network segmentation to limit access to SANnav management interfaces and audit logs. Conduct regular audits of privileged accounts and enforce the principle of least privilege to reduce the risk of credential misuse. Implement multi-factor authentication for all administrative access to SANnav. Additionally, monitor for unusual activities in audit logs and SANnav usage patterns that could indicate exploitation attempts. Maintain an incident response plan tailored to storage infrastructure compromise scenarios. Finally, ensure backups and recovery procedures are tested to mitigate potential impacts from any subsequent attacks leveraging this vulnerability.
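The log review recommended above can be scripted. The following is an added example, not Brocade's code and not part of the original advisory: it flags audit-log lines from the affected script that carry credential-like tokens and masks the values before the log is shared or archived. The log layout and the script's option names are constructed for illustration; adjust the patterns to the real audit log format.

```shell
#!/bin/sh
# Added example: locate and mask credential-like values that an invocation of
# update-reports-purge-settings.sh left in an audit log.
# Assumption: log layout and option names below are constructed, not SANnav's.

SCRIPT_RE='update-reports-purge-settings\.sh'
# Key (password / passwd / pwd / PGPASSWORD) plus separator, then the value.
SECRET_RE='(([Pp]ass(word|wd)|[Pp]wd|PGPASSWORD)[=: ]+)[^ "]+'

# Constructed sample lines (hypothetical options, placeholder secrets).
sample_log() {
cat <<'EOF'
2026-02-03T01:00:09Z audit uid=0 cmd="update-reports-purge-settings.sh --db-user dbadmin --db-password EXAMPLE-NOT-A-REAL-SECRET"
2026-02-03T01:00:10Z audit uid=0 cmd="systemctl status example.service"
2026-02-03T01:00:11Z audit uid=0 cmd="PGPASSWORD=EXAMPLE-2 update-reports-purge-settings.sh --days 30"
2026-02-03T01:00:12Z audit uid=1001 msg="password policy reviewed"
EOF
}

# Read a log on stdin; print the line number of every entry that mentions the
# script and also contains a secret-like key/value token.
find_secret_lines() {
    grep -nE "$SCRIPT_RE" | grep -E "$SECRET_RE" | cut -d: -f1
}

# Read a log on stdin; mask the value of each secret-like token, but only on
# lines that mention the script, so unrelated entries pass through unchanged.
redact_secrets() {
    sed -E "/$SCRIPT_RE/ s/$SECRET_RE/\\1[REDACTED]/g"
}

# Demonstration on the constructed sample.
sample_log | redact_secrets
```

Any line reported by `find_secret_lines` means the database password should be treated as exposed and rotated after upgrading to 2.4.0a or later.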
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: brocade
- Date Reserved: 2025-11-05T20:06:40.271Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69814899f9fa50a62f6fcd99
Added to database: 2/3/2026, 1:00:09 AM
Last enriched: 2/3/2026, 1:14:46 AM
Last updated: 2/3/2026, 2:39:42 AM
Related Threats
- CVE-2025-67482: Vulnerability in Wikimedia Foundation Scribunto (Low)
- CVE-2025-58383: CWE-250: Execution with Unnecessary Privileges in Brocade Fabric OS (High)
- CVE-2025-58382: CWE-305: Authentication Bypass by Primary Weakness in Brocade Fabric OS (High)
- CVE-2025-58379: CWE-250 Execution with Unnecessary Privileges in Brocade Fabric OS (Medium)
- CVE-2025-12774: CWE-312 Cleartext Storage of Sensitive Information in Brocade SANnav (Medium)