Database Password Exposure in Brocade SANnav by Broadcom
CVE-2025-6392

6.7 MEDIUM

Key Information:

Vendor: Broadcom
CVE Published: 10 July 2025

What is CVE-2025-6392?

Brocade SANnav versions prior to 2.4.0a exhibit a security vulnerability where database passwords can be recorded in clear text within audit logs. This occurs when the daily data dump collector executes docker commands, generating logs that are not controlled by SANnav itself. While these logs are accessible only to the server administrator of the host, they pose a risk of exposing sensitive information if the server's security is compromised. As these logs are not visible to SANnav admins or users, protective measures should be taken to limit unauthorized access to the server.

Affected Version(s)

Brocade SANnav: versions before 2.4.0a

CVSS V4

Score: 6.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
