Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
AnalysisAI
CVE-2025-6390 is a security vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
Technical ContextAI
Vulnerability type not specified by vendor.
RemediationAI
Monitor vendor channels for patch availability.
More in Brocade Sannav
View allRADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. Rated critical severity (CVSS 9.8), this vulnerabi
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appl
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. Rated high severity (CVSS 8.6), this vulnera
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID.
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obt
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the B
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. Rated high severity (CVSS 8
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. Rated high severity (CVSS 8.2), this vulnerability is
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21059