Brocade SANnav Vulnerability Exposes PBE Key in System Audit Logs
CVE-2025-12679

7.1HIGH

Key Information:

Vendor: Brocade
Status: Sannav
Vendor: CVE Published:; 2 February 2026

What is CVE-2025-12679?

A security flaw exists in Brocade SANnav versions prior to 2.4.0b, where the Password-Based Encryption (PBE) key is inadvertently printed in plaintext within the system audit logs. This vulnerability can be exploited by a remote authenticated attacker who has access to these logs, allowing them to retrieve sensitive encryption keys. It is important to note that this issue only arises during a migration process and is not present in new installations. Access to the audit logs is restricted to privileged users, namely the server administrators, and such logs are not visible to any SANnav admin or user.

Affected Version(s)

SANnav SANnav before 2.4.0b

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2025-12679 Data

JSON