CVE-2025-12774: CWE-312 Cleartext Storage of Sensitive Information in Brocade SANnav
CVE-2025-12774 is a medium severity vulnerability in Brocade SANnav versions prior to 3.0 involving cleartext storage of sensitive information. The issue arises from the migration script that collects database SQL queries into the SANnav support save file. An attacker with access to this support save file can extract sensitive data such as database table details and encrypted passwords. Exploitation requires local access to the support save file and high privileges on the system. The vulnerability does not require user interaction or network access, limiting its attack surface. Although no known exploits are reported, the exposure of sensitive database information could facilitate further attacks or unauthorized access. European organizations using Brocade SANnav for storage area network management should be aware of this risk and apply mitigations. The vulnerability is rated medium severity with a CVSS score of 4.6.
AI Analysis
Technical Summary
CVE-2025-12774 is a vulnerability identified in Brocade SANnav versions before 3.0, specifically related to the migration script used within the product. The vulnerability involves the cleartext storage of sensitive information, categorized under CWE-312. During the migration process, the script collects database SQL queries and stores them in the SANnav support save file without adequate protection. This file can contain sensitive details including database table structures and encrypted passwords. An attacker who gains access to this support save file, which typically requires local or administrative privileges, can open and analyze it to extract this sensitive information. The vulnerability does not require network access or user interaction but does require high privileges (PR:H) on the system, limiting remote exploitation. The CVSS 4.0 vector indicates a local attack vector, low attack complexity, no user interaction, and high privileges required. The impact on confidentiality is limited but significant, as exposure of database schema and encrypted passwords could facilitate further attacks or unauthorized access. Integrity and availability impacts are minimal. No known exploits are currently in the wild, and no patches are explicitly linked, but upgrading to SANnav 3.0 or later is recommended. The vulnerability highlights the risk of improper handling of sensitive data in support files, which are often overlooked in security policies.
Potential Impact
For European organizations, especially those managing critical storage infrastructure with Brocade SANnav, this vulnerability poses a risk of sensitive information leakage. Exposure of database schema and encrypted passwords could enable attackers to better understand the backend database structure, potentially aiding in crafting more effective attacks or escalating privileges. While the vulnerability requires local access and high privileges, insider threats or attackers who have already compromised administrative accounts could exploit this to deepen their foothold. This could lead to unauthorized data access or manipulation within storage management systems, impacting data confidentiality. Given the reliance on SANnav in data centers and enterprise storage environments, any compromise could affect business continuity and data governance compliance, particularly under GDPR regulations. The medium severity rating reflects the limited attack vector but acknowledges the sensitivity of the exposed information. Organizations with stringent data protection requirements and large-scale storage deployments are at higher risk.
Mitigation Recommendations
1. Upgrade Brocade SANnav to version 3.0 or later where this vulnerability is addressed.
2. Restrict access to SANnav support save files by enforcing strict file system permissions, ensuring only authorized administrators can access these files.
3. Implement monitoring and alerting for unusual access or copying of support save files to detect potential insider threats or unauthorized access.
4. Encrypt backup and support files at rest to add an additional layer of protection against unauthorized disclosure.
5. Conduct regular audits of administrative privileges and access controls on systems running SANnav to minimize the risk of privilege misuse.
6. Educate system administrators about the sensitivity of support save files and the risks associated with sharing or mishandling them.
7. If upgrading is not immediately feasible, consider disabling or limiting the use of migration scripts that generate these support save files, if operationally possible.
8. Maintain up-to-date incident response plans to quickly address any detected compromise involving SANnav support files.
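A pre-share review of support save contents for the exposure described in the technical summary, as an added example that is not SANnav's or this page's own code. It assumes the support save has already been extracted to plain text; the log layout, table names and column names in the sample are constructed, and the function names are hypothetical.

```python
import re

# SQL statement shapes a migration script could write into a log.
# Patterns are deliberately narrow so ordinary words like "update" do not match.
SQL_STMT = re.compile(
    r"\b(?:CREATE\s+TABLE|ALTER\s+TABLE|INSERT\s+INTO"
    r"|UPDATE\s+\w+\s+SET|SELECT\s.+?\sFROM)\b",
    re.IGNORECASE,
)
# Names that suggest credential material (assumed naming, extend per site).
SECRET_HINT = re.compile(r"passw(?:or)?d|secret|token|credential", re.IGNORECASE)


def classify(line):
    """Return 'credential', 'schema', or None for one line of extracted text."""
    if not SQL_STMT.search(line):
        return None
    return "credential" if SECRET_HINT.search(line) else "schema"


def review(text):
    """Return (findings, redacted_text); findings are (line_number, kind)."""
    findings, kept = [], []
    for number, line in enumerate(text.splitlines(), 1):
        kind = classify(line)
        if kind is None:
            kept.append(line)
            continue
        findings.append((number, kind))
        # Drop the whole statement: schema details are sensitive as well.
        kept.append(f"[REDACTED {kind} SQL, line {number}]")
    return findings, "\n".join(kept)


# Constructed sample, not taken from a real support save file.
SAMPLE = """\
2025-01-01 10:00:01 INFO migration started
2025-01-01 10:00:02 DEBUG CREATE TABLE app_user (id int, name text, password text)
2025-01-01 10:00:03 DEBUG INSERT INTO app_user (name, password) VALUES ('admin', 'ENC(placeholder)')
2025-01-01 10:00:04 INFO update check completed
2025-01-01 10:00:05 DEBUG SELECT id, name FROM switch_inventory
"""

if __name__ == "__main__":
    found, redacted = review(SAMPLE)
    for number, kind in found:
        print(f"line {number}: {kind} SQL statement")
    print(redacted)
```

Any finding is a reason to hold the file back or share only the redacted copy; an empty result does not prove the file is clean, since the patterns cover only the statement shapes listed.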
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: brocade
- Date Reserved: 2025-11-05T20:07:09.482Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69815a2df9fa50a62f75462c
Added to database: 2/3/2026, 2:15:09 AM
Last enriched: 2/3/2026, 2:30:26 AM
Last updated: 2/3/2026, 3:39:44 AM