Unrated severityNVD Advisory· Published Feb 2, 2026· Updated Feb 3, 2026

Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)

CVE-2025-12680

Description

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password.

Affected products

Brocade/SANnavllm-fuzzy
Range: <2.4.0b
Brocade/SANnavv5
Range: before Brocade SANnav 2.4.0b

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36844mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000