CVE-2025-1053 HIGH

CVE-2025-1053: Brocade SANnav encryption key is logged in the debug logs

Vendor Brocade
Product Brocade SANnav
Weakness CWE-532 · Sensitive info in logs
Published February 14, 2025
Last update September 9, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01Description

Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.

Key dates

02Disclosure timeline

February 14, 2025 CVE published
September 9, 2025 Record updated

Related vulnerabilities

04Related CVE