Password Logging Vulnerability in Brocade SANnav Software by Broadcom
CVE-2025-6390

5.1MEDIUM

Key Information:

Vendor: Broadcom
Status: Brocade Sannav
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-6390?

An information disclosure vulnerability exists in Brocade SANnav that allows sensitive data, such as passwords and encryption keys, to be logged in the server's audit logs. This occurs under specific conditions following installation and affects local server VM audit logs. Importantly, these logs can only be accessed by the server administrator and remain hidden from SANnav administrators and users, potentially exposing critical information unintentionally.

Affected Version(s)

Brocade SANnav before SANnav 2.4.0a

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Jun 20, 2025