Plaintext Passphrase Exposure in Brocade SANnav Product by Broadcom
CVE-2025-4662

5.1MEDIUM

Key Information:

Vendor: Broadcom
Status: Brocade Sannav
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-4662?

A vulnerability in Brocade SANnav before version 2.4.0a allows for the logging of plaintext passphrases in audit logs during the execution of OpenSSL commands. These logs are generated on the server hosting SANnav and are accessible only to the server administrator, making them non-visible to SANnav users. This flaw poses a risk of sensitive data exposure if not properly mitigated.

Affected Version(s)

Brocade SANnav before SANnav 2.4.0a

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
May 13, 2025