CVE-2025-6390

low-risk

Published 2025-07-10

Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Brocade Sannav

Affected Vendors

Broadcom

References (1)

Vendor Advisory https://support.broadcom.com/web/ecx/support-content-notification/-/external/con...

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal