CVE-2025-12773 - Vulnerability Details - OpenCVE

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36847

History

Tue, 03 Feb 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.
Title		Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a
Weaknesses		CWE-209
References		https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36847
Metrics		cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2026-02-03T00:38:08.909Z

Updated: 2026-02-03T01:58:46.979Z

Reserved: 2025-11-05T20:06:40.271Z

Link: CVE-2025-12773

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-03T01:15:57.610

Modified: 2026-02-03T01:15:57.610

Link: CVE-2025-12773

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12773", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2025-11-05T20:06:40.271Z", "datePublished": "2026-02-03T00:38:08.909Z", "dateUpdated": "2026-02-03T01:58:46.979Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SANnav", "vendor": "Brocade", "versions": [{"status": "affected", "version": "before 2.4.0a"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: transparent;\">A vulnerability in </span><span style=\"background-color: transparent;\">update-reports-purge-settings.sh</span><span style=\"background-color: transparent;\"> script logging for </span><span style=\"background-color: transparent;\">Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs.</span> <span style=\"background-color: transparent;\">The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.</span></p>"}], "value": "A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs.\u00a0The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2026-02-03T01:58:46.979Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36847"}], "source": {"discovery": "UNKNOWN"}, "title": "Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs.\u00a0The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password."}], "id": "CVE-2025-12773", "lastModified": "2026-02-03T01:15:57.610", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "sirt@brocade.com", "type": "Secondary"}]}, "published": "2026-02-03T01:15:57.610", "references": [{"source": "sirt@brocade.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36847"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "sirt@brocade.com", "type": "Secondary"}]}