CVE-2025-6390: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere in Broadcom Brocade SANnav
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
AI Analysis
Technical Summary
CVE-2025-6390 is a medium-severity vulnerability affecting Broadcom's Brocade SANnav product in versions prior to 2.4.0a. It is categorized under CWE-497, the exposure of sensitive system information to an unauthorized control sphere. Specifically, after installation and under certain conditions, Brocade SANnav writes sensitive credentials (passwords and PBE, Password-Based Encryption, keys) into the audit logs of the local virtual machine hosting the SANnav server. These audit logs are outside the control of the SANnav application itself and are readable only by the administrator of the host system, not by SANnav administrators or users. An attacker who has already gained administrative access to the host server could therefore retrieve authentication material from these logs and use it for further attacks. Exploitation requires no action from a SANnav user but does require high privileges (server admin), and it does not directly affect the confidentiality, integrity, or availability of the SANnav application itself; the harm is the exposure of credentials that can be leveraged elsewhere. The CVSS 4.0 vector records a local attack vector (AV:L), low attack complexity (AC:L), no attack requirements (AT:N), high privileges required (PR:H), passive user interaction (UI:P), and a high availability impact on the vulnerable system (VA:H) with no confidentiality or integrity impact; the description itself, however, suggests a confidentiality impact because credentials are exposed. No exploits are currently reported in the wild, and no patches are linked yet, so organizations should remain vigilant and remediate promptly once a fix is available. Brocade SANnav is a management tool for storage area networks (SANs), widely used in enterprise data centers to manage Brocade Fibre Channel switches and fabrics, which makes this vulnerability relevant to any organization relying on that infrastructure.
Potential Impact
For European organizations, the exposure of passwords and encryption keys in audit logs poses a significant risk to the confidentiality of their SAN management credentials. If an attacker with server admin access compromises the host VM, they could extract these credentials and potentially gain unauthorized access to the SAN infrastructure, leading to unauthorized data access, manipulation, or disruption of storage services. This could impact critical business operations, especially for sectors heavily reliant on SANs such as finance, healthcare, telecommunications, and manufacturing. The vulnerability's requirement for local high privileges limits remote exploitation but elevates the risk from insider threats or attackers who have already breached perimeter defenses. Given the sensitive nature of storage networks and the potential for cascading effects on data availability and integrity, the vulnerability could lead to significant operational disruptions and data breaches if exploited. Furthermore, the lack of visibility of these logs to SANnav admins means that typical SAN management monitoring may not detect this exposure, increasing the risk of unnoticed credential leakage.
Mitigation Recommendations
European organizations using Brocade SANnav should immediately verify their SANnav version and plan an upgrade to version 2.4.0a or later once available. Until a patch is released, organizations should restrict and monitor access to the host servers running SANnav, ensuring that only trusted administrators have server-level privileges. Implement strict access controls and auditing on the host VM to detect any unauthorized access attempts. Additionally, organizations should review and securely manage audit log storage, possibly isolating or encrypting these logs to prevent unauthorized reading. Employing host-based intrusion detection systems (HIDS) and regular log integrity checks can help identify suspicious activities. It is also advisable to rotate passwords and encryption keys used by SANnav after patching to mitigate any potential credential exposure. Finally, organizations should conduct internal security awareness training emphasizing the risks of local privilege misuse and ensure that server admin accounts follow the principle of least privilege.
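As an added illustration of the log review and version check recommended above (example code written for this page, not Broadcom's or SANnav's own tooling), the following scans host audit log lines for clear-text passwords or PBE keys, reports which lines need redaction, and tests whether a version string falls before the fixed release 2.4.0a. The key names matched, the auditd-style sample lines and the version-suffix ordering are assumptions; the advisory does not publish the exact fields SANnav wrote.

```python
import re
from typing import List, Tuple

# Credential material that should never sit in clear text in a host audit
# log. The key names are assumptions for illustration; the advisory does
# not publish the exact fields SANnav wrote.
SECRET_KEY_RE = re.compile(
    r"(?P<key>\b(?:pass(?:word|wd)?|pbe[_\-]?key|secret)\b)"
    r"(?P<sep>\s*[=:]\s*)"
    r"(?P<val>\"[^\"]*\"|'[^']*'|[^\s\"']+)",
    re.IGNORECASE,
)

def redact(line: str) -> str:
    """Replace each secret value with a marker, keeping the key and
    separator so the line stays usable for forensics."""
    return SECRET_KEY_RE.sub(lambda m: f"{m['key']}{m['sep']}[REDACTED]", line)

def find_credential_leaks(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (1-based line number, leaked key names, redacted line) for every
    audit log line carrying a password or PBE key in clear text."""
    hits = []
    for n, line in enumerate(lines, start=1):
        keys = sorted({m["key"].lower() for m in SECRET_KEY_RE.finditer(line)})
        if keys:
            hits.append((n, ",".join(keys), redact(line)))
    return hits

def is_affected(version: str) -> bool:
    """True when a SANnav version sorts before the fixed release 2.4.0a.
    Assumes major.minor.patch plus an optional letter suffix (2.4.0 < 2.4.0a)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4]) < (2, 4, 0, "a")

# Constructed sample lines in auditd style; not real SANnav output.
SAMPLE_AUDIT_LOG = [
    'type=USER_CMD msg=audit(1720000000.001:101): cmd="install.sh --mode=standalone"',
    'type=USER_CMD msg=audit(1720000000.002:102): cmd="configure-db --user=sannav --password=S3cretV4lue!"',
    'type=USER_CMD msg=audit(1720000000.003:103): cmd="keytool --pbe_key=AbCdEf0123456789 --alias=sannav"',
    'type=SERVICE_START msg=audit(1720000000.004:104): unit=sannav-server comm="systemd"',
]

if __name__ == "__main__":
    for n, keys, safe in find_credential_leaks(SAMPLE_AUDIT_LOG):
        print(f"line {n}: clear-text {keys}; redacted: {safe}")
```

Run against the real audit log of the host VM (for example the lines returned by `ausearch` or the raw audit.log), the hit list tells the server admin which entries to redact or purge and which credentials to rotate after upgrading.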
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: brocade
- Date Reserved: 2025-06-20T02:28:16.267Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68702d97a83201eaaca9fa85
Added to database: 7/10/2025, 9:16:07 PM
Last enriched: 7/10/2025, 9:31:21 PM
Last updated: 7/11/2025, 4:04:09 AM