CVE-2025-6390: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere in Broadcom Brocade SANnav

Medium
Published: Thu Jul 10 2025 (07/10/2025, 21:07:02 UTC)
Source: CVE Database V5
Vendor/Project: Broadcom
Product: Brocade SANnav

Description

Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

AI-Powered Analysis

Last updated: 07/10/2025, 21:31:21 UTC

Technical Analysis

CVE-2025-6390 is a medium-severity vulnerability affecting Broadcom's Brocade SANnav product versions prior to 2.4.0a. The vulnerability is categorized under CWE-497, which involves the exposure of sensitive system information to an unauthorized control sphere. Specifically, Brocade SANnav improperly logs sensitive credentials, namely passwords and PBE (Password-Based Encryption) keys, within the server audit logs of the local virtual machine hosting the SANnav server. These audit logs are outside the control of the SANnav application itself and are only accessible to the server administrator of the host system, not to SANnav administrators or users. This means that if an attacker gains access to the host server with administrative privileges, they could retrieve sensitive authentication material from these logs. The vulnerability does not require user interaction but does require high privileges (server admin) to exploit, and it does not affect confidentiality, integrity, or availability of the SANnav application directly but exposes sensitive credentials that could be leveraged for further attacks. The CVSS 4.0 vector indicates local attack vector (AV:L), low attack complexity (AC:L), no attack requirements (AT:N), privileges required are high (PR:H), user interaction is required (UI:P), and the vulnerability affects availability (VA:H) but not confidentiality or integrity. However, the description suggests confidentiality impact due to exposure of credentials. No known exploits are currently reported in the wild, and no patches are linked yet, indicating the need for vigilance and prompt remediation once available. Brocade SANnav is a management tool for storage area networks (SANs), widely used in enterprise data centers to manage Brocade Fibre Channel switches and fabrics, making this vulnerability relevant to organizations relying on these infrastructures.

Potential Impact

For European organizations, the exposure of passwords and encryption keys in audit logs poses a significant risk to the confidentiality of their SAN management credentials. If an attacker with server admin access compromises the host VM, they could extract these credentials and potentially gain unauthorized access to the SAN infrastructure, leading to unauthorized data access, manipulation, or disruption of storage services. This could impact critical business operations, especially for sectors heavily reliant on SANs such as finance, healthcare, telecommunications, and manufacturing. The vulnerability's requirement for local high privileges limits remote exploitation but elevates the risk from insider threats or attackers who have already breached perimeter defenses. Given the sensitive nature of storage networks and the potential for cascading effects on data availability and integrity, the vulnerability could lead to significant operational disruptions and data breaches if exploited. Furthermore, the lack of visibility of these logs to SANnav admins means that typical SAN management monitoring may not detect this exposure, increasing the risk of unnoticed credential leakage.

Mitigation Recommendations

European organizations using Brocade SANnav should immediately verify their SANnav version and plan an upgrade to version 2.4.0a or later once available. Until a patch is released, organizations should restrict and monitor access to the host servers running SANnav, ensuring that only trusted administrators have server-level privileges. Implement strict access controls and auditing on the host VM to detect any unauthorized access attempts. Additionally, organizations should review and securely manage audit log storage, possibly isolating or encrypting these logs to prevent unauthorized reading. Employing host-based intrusion detection systems (HIDS) and regular log integrity checks can help identify suspicious activities. It is also advisable to rotate passwords and encryption keys used by SANnav after patching to mitigate any potential credential exposure. Finally, organizations should conduct internal security awareness training emphasizing the risks of local privilege misuse and ensure that server admin accounts follow the principle of least privilege.
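
As an added example (not Broadcom's code and not part of the original advisory), here is one way a host administrator could review audit logs for this kind of exposure before rotating credentials. The record layout, field names and sample lines are assumptions constructed for illustration, since the advisory does not publish the real log format; the scanner reports where a secret appears and how long it is, never the value itself.

```python
import re

# Constructed records in Linux auditd style. The advisory does not publish the
# real record layout or field names, so everything below is an assumption.
SAMPLE_LOG = '''\
type=EXECVE msg=audit(1752181622.101:412): argc=3 a0="setup.sh" a1="--db-password" a2="Examp1e!"
type=USER_CMD msg=audit(1752181625.440:419): cmd="svc-start pbe_key=4f6b2d11aa90 mode=prod"
type=SYSCALL msg=audit(1752181630.002:431): arch=c000003e syscall=59 exe="/usr/bin/ls"
type=EXECVE msg=audit(1752181644.913:450): argc=2 a0="passwd" a1="--status"
'''

SECRET = r"(?:pass|pbe[_-]?key|secret)"
# name=value where the name looks like a credential field
INLINE = re.compile(rf'([\w.-]*{SECRET}[\w.-]*)=("[^"]*"|[^\s"]+)', re.I)
# argv entries written as a0="...", a1="..."
ARG = re.compile(r'\ba\d+="([^"]*)"')
# a command-line flag whose name suggests the next argument is a secret
FLAG = re.compile(rf"^-+[\w-]*{SECRET}[\w-]*$", re.I)
RECORD_TYPE = re.compile(r"\btype=(\w+)")


def scan(text):
    """Return (line, record type, field name, value length); never the value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RECORD_TYPE.search(line)
        rtype = m.group(1) if m else "UNKNOWN"
        for name, value in INLINE.findall(line):
            findings.append((lineno, rtype, name, len(value.strip('"'))))
        pending = None  # a secret-looking flag waiting for its value
        for arg in ARG.findall(line):
            if pending:
                findings.append((lineno, rtype, pending, len(arg)))
                pending = None
            elif FLAG.match(arg):
                pending = arg
    return findings


if __name__ == "__main__":
    for lineno, rtype, name, length in scan(SAMPLE_LOG):
        print(f"line {lineno} [{rtype}] {name}: {length}-char value present")
```

Any hit means the corresponding credential should be treated as exposed to everyone who can read that log file, and the log's retention and forwarding destinations should be checked as well.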


Technical Details

Data Version: 5.1
Assigner Short Name: brocade
Date Reserved: 2025-06-20T02:28:16.267Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68702d97a83201eaaca9fa85

Added to database: 7/10/2025, 9:16:07 PM

Last enriched: 7/10/2025, 9:31:21 PM

Last updated: 7/10/2025, 9:31:21 PM
