CVE-2025-7397: CWE-312: Cleartext Storage of Sensitive Information in Broadcom Brocade ASCG
A vulnerability in the ascgshell of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user can access sensitive information like passwords within the CLI history, leading to unauthorized access and potential data breaches.
AI Analysis
Technical Summary
CVE-2025-7397 affects Brocade ASCG versions prior to 3.3.0. The flaw is in ascgshell, the command line interface (CLI) shell used to manage the device: every command executed in the CLI is written to the command history in cleartext, including any sensitive information such as passwords typed as part of a command. This is an instance of CWE-312 (Cleartext Storage of Sensitive Information). Because the history is stored without encryption or obfuscation, a local authenticated user with access to the device can read it and extract credentials or other confidential information, which could lead to unauthorized access, privilege escalation and data breaches.
Exploitation requires local authentication with high privileges (as indicated by the CVSS vector) and no further user interaction. The CVSS v4.0 score is 6.8, which is classified as medium severity. There are no known exploits in the wild yet, and no official patches are linked in the provided data, indicating that remediation may require upgrading to version 3.3.0 or later once available. The vulnerability impacts the confidentiality and integrity of sensitive information stored on the device, but it does not directly affect availability or require network access, which limits its attack surface to local users with elevated privileges.
Potential Impact
For European organizations using Brocade ASCG devices, particularly in data centers, telecommunications, or enterprise network infrastructure, this vulnerability poses a significant risk to the confidentiality of sensitive operational credentials. If an attacker gains local authenticated access—such as through compromised credentials or insider threat—they could extract passwords or other secrets from the CLI history, potentially escalating privileges or moving laterally within the network. This could lead to unauthorized access to critical systems, data breaches, and disruption of network services. Given the critical role Brocade ASCG devices often play in managing storage and network fabrics, the impact could extend to sensitive customer data or intellectual property. The vulnerability is especially concerning in regulated industries prevalent in Europe, such as finance, healthcare, and telecommunications, where data protection compliance (e.g., GDPR) is mandatory. The medium severity rating suggests that while the vulnerability is not trivially exploitable remotely, the consequences of exploitation are serious enough to warrant prompt mitigation.
Mitigation Recommendations
European organizations should take the following specific steps to mitigate this vulnerability:
1) Immediately audit and restrict local access to Brocade ASCG devices to trusted administrators only, enforcing strict access controls and monitoring.
2) Upgrade Brocade ASCG devices to version 3.3.0 or later once the vendor releases a patch that addresses this issue, as this is the definitive fix.
3) In the interim, disable or limit CLI command history logging if configurable, or implement secure logging practices that do not store sensitive information in cleartext.
4) Rotate any credentials that may have been exposed via CLI history to prevent unauthorized reuse.
5) Implement enhanced monitoring and alerting for suspicious local access or privilege escalations on affected devices.
6) Conduct regular security training for administrators to avoid entering sensitive information directly into CLI commands where possible.
7) Consider network segmentation to isolate management interfaces of Brocade ASCG devices from general user networks to reduce risk of local access by unauthorized users.
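An added example (not vendor code and not from this advisory) supporting steps 3 and 4: it scans an exported command history and lists the entries that carried a secret, with the value redacted, so the matching credentials can be queued for rotation. The argument patterns and sample commands are constructed generic heuristics, not ascgshell syntax, and the history file path is supplied by the operator because the advisory does not state where the history is kept.

```python
import re
import sys

# Value forms: "double quoted", 'single quoted', or a bare token.
VALUE = r"""("[^"]*"|'[^']*'|\S+)"""

# Generic heuristics for secret-bearing arguments (assumption: these are
# not ascgshell syntax; extend them to match the commands your admins use).
SECRET_PATTERNS = [
    # --password VALUE / --token=VALUE style flags
    re.compile(r"(?i)(--?(?:password|passwd|pass|secret|token)[=\s]+)" + VALUE),
    # password=VALUE / secret: VALUE style pairs
    re.compile(r"(?i)(\b(?:password|passwd|pwd|secret|token)\s*[=:]\s*)" + VALUE),
    # scheme://user:VALUE@host credentials embedded in a URL
    re.compile(r"(\w+://[^\s:/@]+:)([^\s@]+)(?=@)"),
]

def audit_history(lines):
    """Return [(line_number, redacted_command)] for entries that held a secret."""
    findings = []
    for number, line in enumerate(lines, start=1):
        redacted, hit = line.rstrip("\n"), False
        for pattern in SECRET_PATTERNS:
            # Keep the flag or key (group 1), replace only the secret value.
            redacted, count = pattern.subn(
                lambda m: m.group(1) + "<REDACTED>", redacted)
            hit = hit or count > 0
        if hit:
            findings.append((number, redacted))
    return findings

# Constructed sample history; the commands are illustrative only.
SAMPLE_HISTORY = [
    "show version",
    "user add --name backup --password S3cr3t!",
    "backup configure server=10.0.0.5 password='two words'",
    "copy scp://admin:Winter2025@10.0.0.5/cfg.bin local",
    "help password",
]

if __name__ == "__main__":
    # Optional argument: path to an exported history file (operator-supplied).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            history = fh.readlines()
    else:
        history = SAMPLE_HISTORY
    for number, command in audit_history(history):
        print(f"line {number}: {command}")
```

Each reported line number identifies a credential that should be treated as exposed; the report itself never contains the secret, so it can be attached to a rotation ticket.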
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: brocade
- Date Reserved: 2025-07-09T17:11:15.086Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 687972a7a83201eaacea64d6
Added to database: 7/17/2025, 10:01:11 PM
Last enriched: 7/25/2025, 1:02:38 AM
Last updated: 8/28/2025, 3:09:27 PM