CVE-2025-6390 is a medium-severity vulnerability affecting Broadcom's Brocade SANnav product versions prior to 2.4.0a. The vulnerability is categorized under CWE-497, which involves the exposure of sensitive system information to an unauthorized control sphere. Specifically, Brocade SANnav improperly logs sensitive credentials—passwords and PBE (Password-Based Encryption) keys—within the server audit logs of the local virtual machine hosting the SANnav server. These audit logs are outside the control of the SANnav application itself and are only accessible to the server administrator of the host system, not to SANnav administrators or users. This means that if an attacker gains access to the host server with administrative privileges, they could retrieve sensitive authentication material from these logs. The vulnerability does not require user interaction but does require high privileges (server admin) to exploit, and it does not affect confidentiality, integrity, or availability of the SANnav application directly but exposes sensitive credentials that could be leveraged for further attacks. The CVSS 4.0 vector indicates local attack vector (AV:L), low attack complexity (AC:L), no attack traceability (AT:N), privileges required are high (PR:H), user interaction is required (UI:P), and the vulnerability affects availability (VA:H) but not confidentiality or integrity. However, the description suggests confidentiality impact due to exposure of credentials. No known exploits are currently reported in the wild, and no patches are linked yet, indicating the need for vigilance and prompt remediation once available. Brocade SANnav is a management tool for storage area networks (SANs), widely used in enterprise data centers to manage Brocade Fibre Channel switches and fabrics, making this vulnerability relevant to organizations relying on these infrastructures.

For European organizations, the exposure of passwords and encryption keys in audit logs poses a significant risk to the confidentiality of their SAN management credentials. If an attacker with server admin access compromises the host VM, they could extract these credentials and potentially gain unauthorized access to the SAN infrastructure, leading to unauthorized data access, manipulation, or disruption of storage services. This could impact critical business operations, especially for sectors heavily reliant on SANs such as finance, healthcare, telecommunications, and manufacturing. The vulnerability's requirement for local high privileges limits remote exploitation but elevates the risk from insider threats or attackers who have already breached perimeter defenses. Given the sensitive nature of storage networks and the potential for cascading effects on data availability and integrity, the vulnerability could lead to significant operational disruptions and data breaches if exploited. Furthermore, the lack of visibility of these logs to SANnav admins means that typical SAN management monitoring may not detect this exposure, increasing the risk of unnoticed credential leakage.

European organizations using Brocade SANnav should immediately verify their SANnav version and plan an upgrade to version 2.4.0a or later once available. Until a patch is released, organizations should restrict and monitor access to the host servers running SANnav, ensuring that only trusted administrators have server-level privileges. Implement strict access controls and auditing on the host VM to detect any unauthorized access attempts. Additionally, organizations should review and securely manage audit log storage, possibly isolating or encrypting these logs to prevent unauthorized reading. Employing host-based intrusion detection systems (HIDS) and regular log integrity checks can help identify suspicious activities. It is also advisable to rotate passwords and encryption keys used by SANnav after patching to mitigate any potential credential exposure. Finally, organizations should conduct internal security awareness training emphasizing the risks of local privilege misuse and ensure that server admin accounts follow the principle of least privilege.