CVE-2025-6392 is a medium-severity vulnerability affecting Broadcom's Brocade SANnav product versions prior to 2.4.0a. The vulnerability arises from the improper handling of sensitive information, specifically database passwords, which are logged in clear text within the audit logs of the local server virtual machine. This occurs when the daily data dump collector component invokes docker exec commands. These audit logs reside on the host server VM and are not managed or controlled by the SANnav application itself. Importantly, these logs are only accessible to the server administrators of the host machine and are not visible to SANnav administrators or users. The vulnerability is classified under CWE-532, which pertains to the insertion of sensitive information into log files, potentially exposing secrets to unauthorized parties with access to the host server. The CVSS v4.0 base score is 6.7, reflecting a medium severity level, with an attack vector limited to local access (AV:L), requiring low attack complexity (AC:L), no privileges required for the attacker (PR:H indicates high privileges required, so this is a bit contradictory but likely means the attacker needs high privileges), no user interaction, and high impact on availability. No known exploits are currently reported in the wild. The vulnerability does not affect the confidentiality, integrity, or availability of the SANnav application directly but poses a risk if an attacker gains access to the host server and can read these logs, potentially allowing credential compromise and subsequent lateral movement or privilege escalation within the environment.

For European organizations utilizing Brocade SANnav versions prior to 2.4.0a, this vulnerability presents a risk primarily to the confidentiality of database credentials. If an attacker or malicious insider gains administrative access to the host server VM, they could extract database passwords from the audit logs, potentially compromising the SAN infrastructure. This could lead to unauthorized access to storage area networks (SANs), data exfiltration, or disruption of critical storage services. Given that SANnav is used to manage and monitor SAN environments, compromise of these credentials could undermine the integrity and availability of storage resources, impacting business-critical applications and data. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government agencies across Europe, may face increased risk due to the sensitivity of the data stored on SANs. However, since the logs are not accessible remotely or by SANnav users, the threat is mitigated by the need for local administrative access, limiting the attack surface to insiders or attackers who have already breached the host server.

To mitigate this vulnerability, European organizations should prioritize upgrading Brocade SANnav to version 2.4.0a or later, where this logging issue has been addressed. Until the update can be applied, organizations should restrict and monitor administrative access to the host server VM to prevent unauthorized users from accessing audit logs. Implement strict access controls and auditing on the host server to detect any suspicious activity related to log file access. Additionally, consider encrypting audit logs at the filesystem level or using secure logging mechanisms that prevent sensitive information from being stored in clear text. Regularly review and rotate database credentials to limit the window of exposure if credentials are compromised. Network segmentation and isolation of management servers can further reduce the risk of lateral movement by attackers who gain initial access. Finally, conduct security awareness training for administrators to highlight the importance of protecting host server environments and sensitive log data.