Database Password Exposure in Brocade SANnav by Broadcom
CVE-2025-6392

6.7MEDIUM

Key Information:

Vendor: Broadcom
Status: Brocade Sannav
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-6392?

Brocade SANnav versions prior to 2.4.0a exhibit a security vulnerability where database passwords can be recorded in clear text within audit logs. This occurs when the daily data dump collector executes docker commands, generating logs that are not controlled by SANnav itself. While these logs are accessible only to the server administrator of the host, they pose a risk of exposing sensitive information if the server's security is compromised. As these logs are not visible to SANnav admins or users, protective measures should be taken to limit unauthorized access to the server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Brocade SANnav Brocade SANnav versions before 2.4.0a

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

6.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Jun 20, 2025

JSON

Broadcom

What is CVE-2025-6392?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.