CVE-2025-58379 is a vulnerability classified under CWE-250 (Execution with Unnecessary Privileges) affecting Brocade Fabric OS versions prior to 9.2.1. The flaw allows a local authenticated attacker with lower privileges to execute certain commands that inadvertently reveal command line passwords or other sensitive information associated with higher privilege accounts. This occurs because the system executes commands with more privileges than necessary, exposing sensitive data to less privileged users. The vulnerability requires the attacker to have local access and some level of authentication, along with user interaction to execute the commands that disclose the credentials. The CVSS 4.0 base score is 6.0, indicating a medium severity level, reflecting the moderate impact on confidentiality and the limited attack vector (local access). The vulnerability does not affect system integrity or availability directly but compromises confidentiality by leaking passwords that could be leveraged for privilege escalation or lateral movement within the network. No public exploits or active exploitation have been reported to date. The vulnerability is particularly relevant for organizations using Brocade Fabric OS in their SAN (Storage Area Network) or network fabric environments, where unauthorized access to credentials could compromise critical infrastructure components. The vendor has not yet provided patch links, but upgrading to version 9.2.1 or later is recommended to remediate the issue.

For European organizations, the primary impact of CVE-2025-58379 is the potential exposure of sensitive command line passwords within Brocade Fabric OS environments. This could lead to unauthorized access to storage or network fabric components, enabling attackers to escalate privileges or move laterally within critical infrastructure. Confidentiality breaches could result in data exposure or manipulation, undermining compliance with data protection regulations such as GDPR. While the vulnerability does not directly affect system availability or integrity, the indirect consequences of credential exposure could disrupt business operations or compromise sensitive data. Organizations with large-scale storage deployments or critical data centers relying on Brocade Fabric OS are at heightened risk. The requirement for local authenticated access limits the attack surface but does not eliminate the threat, especially in environments with multiple administrators or users with some level of access. The absence of known exploits reduces immediate risk but should not delay remediation efforts given the potential severity of credential leakage.

1. Upgrade Brocade Fabric OS to version 9.2.1 or later as soon as possible to eliminate the vulnerability. 2. Restrict local access to Brocade Fabric OS devices strictly to trusted and authorized personnel to minimize the risk of exploitation. 3. Implement strong authentication and access control policies to limit the number of users with local access and reduce privilege levels where feasible. 4. Monitor and audit command executions on Brocade Fabric OS devices to detect any unusual or unauthorized attempts to access sensitive information. 5. Employ network segmentation to isolate management interfaces of Brocade Fabric OS from general user networks, reducing exposure to local attackers. 6. Educate administrators and users about the risks of executing commands that may expose sensitive information and enforce least privilege principles. 7. Regularly review and update security policies related to storage and network fabric management to incorporate lessons learned from this vulnerability.