CVE-2025-12774 MEDIUM

CVE-2025-12774: SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0

Vendor Brocade
Product SANnav
Weakness CWE-312 · Cleartext storage
Published February 3, 2026
Last update February 3, 2026

CVSS base score

4.6/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 3, 2026 Record updated