Brocade SANnav Vulnerability Exposes PBE Key in System Audit Logs
CVE-2025-12679

7.1HIGH

Key Information:

Vendor: Brocade
Status: Sannav
Vendor: CVE Published:; 2 February 2026

What is CVE-2025-12679?

A security flaw exists in Brocade SANnav versions prior to 2.4.0b, where the Password-Based Encryption (PBE) key is inadvertently printed in plaintext within the system audit logs. This vulnerability can be exploited by a remote authenticated attacker who has access to these logs, allowing them to retrieve sensitive encryption keys. It is important to note that this issue only arises during a migration process and is not present in new installations. Access to the audit logs is restricted to privileged users, namely the server administrators, and such logs are not visible to any SANnav admin or user.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SANnav SANnav before 2.4.0b

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Nov 3, 2025

JSON

Brocade

What is CVE-2025-12679?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.