CVE-2025-12774 PUBLISHED

SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0

Assigner: brocade
Reserved: 05.11.2025 Published: 03.02.2026 Updated: 03.02.2026

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 4.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	Brocade
Product	SANnav
Versions	Default: unaffected Version SANnav before 3.0 is affected

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36848

Problem Types

CWE-312 Cleartext Storage of Sensitive Information CWE

Impacts

CAPEC-37 Retrieve Embedded Sensitive Data