CVE-2025-7397 is a medium severity vulnerability affecting Broadcom's Brocade ASCG product versions prior to 3.3.0. The vulnerability arises from the ascgshell component, which is the Command Line Interface (CLI) shell used to manage the device. Specifically, any command executed within the CLI is stored in the command history in cleartext, including sensitive information such as passwords. This cleartext storage of sensitive data corresponds to CWE-312, which highlights the risk of storing confidential information without encryption or adequate protection. An attacker with local authenticated access to the device can access this command history and extract sensitive credentials or other confidential data. The CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:N/SA:N) indicates that exploitation requires local access with high privileges, no user interaction, and results in a high impact on availability. Although no known exploits are currently in the wild, the vulnerability poses a significant risk because it can lead to unauthorized access and potential data breaches if an attacker gains local access to the device. The lack of encryption or obfuscation in the CLI history storage means that sensitive data is exposed to any user who can read the history files, which may include system administrators or attackers who have escalated privileges. This vulnerability is particularly critical in environments where Brocade ASCG devices are used to manage storage or network infrastructure, as compromise could lead to broader system impacts.

For European organizations, this vulnerability could have serious implications, especially those in sectors relying heavily on Brocade ASCG for storage and network management, such as finance, telecommunications, healthcare, and critical infrastructure. Unauthorized access to sensitive credentials stored in cleartext could allow attackers to escalate privileges, move laterally within networks, or exfiltrate sensitive data. Given the high impact on availability indicated by the CVSS vector, exploitation could also disrupt critical services. The requirement for local authenticated access somewhat limits the attack surface; however, insider threats or attackers who have already compromised lower-privileged accounts could leverage this vulnerability to gain further control. In regulated industries within Europe, such as those governed by GDPR, exposure of sensitive information due to this vulnerability could lead to compliance violations and significant financial penalties. Additionally, the potential for data breaches could damage organizational reputation and trust.

To mitigate this vulnerability, European organizations should prioritize upgrading Brocade ASCG to version 3.3.0 or later, where this issue is addressed. Until patching is possible, organizations should restrict local access to the devices strictly to trusted administrators and implement strong access controls and monitoring to detect unauthorized access attempts. It is advisable to audit and securely manage CLI history files, including restricting read permissions and regularly clearing command histories to minimize exposure of sensitive data. Organizations should also consider implementing multi-factor authentication (MFA) for device access to reduce the risk of credential compromise. Additionally, monitoring and alerting on unusual CLI access patterns or privilege escalations can help detect exploitation attempts early. Where feasible, segregate management networks to limit exposure of Brocade ASCG devices to only essential personnel and systems. Finally, organizations should review and update their incident response plans to include scenarios involving credential exposure through CLI history.