CVE-2025-12774 – A vulnerability in Brocade SANnav migration scr... (How to Fix)

Q: What is the severity of CVE-2025-12774?

CVE-2025-12774 has a CVSS score of N/A (Unknown). A vulnerability in Brocade SANnav migration scripts before version 3.0 allows sensitive database information to be captured in support save files. Attackers with access to these files can extract database table details and encrypted passwords. This affects Brocade SANnav users running versions before 3.0.

📋 TL;DR

A vulnerability in Brocade SANnav migration scripts before version 3.0 allows sensitive database information to be captured in support save files. Attackers with access to these files can extract database table details and encrypted passwords. This affects Brocade SANnav users running versions before 3.0.

💻 Affected Systems

Products:

Brocade SANnav

Versions: All versions before 3.0

Operating Systems: Not specified in advisory

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in migration scripts that generate support save files.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers obtain encrypted passwords and database schema information, potentially enabling credential cracking and further database exploitation.

🟠

Likely Case

Information disclosure of database structure and encrypted credentials, facilitating targeted attacks against the SANnav system.

🟢

If Mitigated

Limited exposure if support save files are properly secured and access controlled.

🌐 Internet-Facing: LOW - Requires access to support save files which are typically not internet-exposed.

🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could access support files containing sensitive information.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW - Simply accessing and reading the support save file.

Exploitation requires access to the support save file, which may require some level of system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0 or later

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36848

Restart Required: Yes

Instructions:

1. Download Brocade SANnav version 3.0 or later from Broadcom support portal. 2. Follow the official upgrade/migration guide. 3. Apply the update to all affected SANnav instances. 4. Restart SANnav services.

🔧 Temporary Workarounds

Secure Support Save Files

linux

Restrict access to SANnav support save files using file system permissions.

chmod 600 /path/to/support_save_files/*
chown root:root /path/to/support_save_files/*

Limit Support Save File Generation

all

Only generate support save files when absolutely necessary and delete them immediately after use.

🧯 If You Can't Patch

Implement strict access controls on directories containing support save files
Monitor and audit access to support save files and alert on unauthorized access

🔍 How to Verify

Check if Vulnerable:

Check SANnav version via web interface or CLI. Versions before 3.0 are vulnerable.

Check Version:

Check SANnav web interface or consult SANnav documentation for version check command

Verify Fix Applied:

Confirm SANnav version is 3.0 or later and verify support save files no longer contain sensitive database queries.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to support save file directories
Unexpected generation of support save files

Network Indicators:

Unusual file transfers of large support save files

SIEM Query:

source="*sanav*" AND (event="file_access" OR event="file_download") AND file_path="*support*" AND file_size>100MB

📊 Metadata

CVE ID: CVE-2025-12774

CVSS v3 Score: N/A (Unknown)

CWE: CWE-312

Published: February 3, 2026

Last Updated: February 4, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36848