CVE-2025-2327

CVSS

No CVSS.

flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.

References

Link	Resource
https://support.purestorage.com/category/m_pure_storage_product_security

Configurations

No configuration.

History

17 Jun 2025, 20:50

Type	Values Removed	Values Added
Summary		(es) Existe una falla en FlashArray por la cual la clave de cifrado de clave (KEK) se registra durante la rotación de clave cuando se configura RDL.

16 Jun 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-16 17:15

Updated : 2025-06-17 20:50

NVD link : CVE-2025-2327

Mitre link : CVE-2025-2327

CVE.ORG link : CVE-2025-2327

JSON object : View

Products Affected

No product.

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2025-2327", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-16T17:15:28.890", "references": [{"url": "https://support.purestorage.com/category/m_pure_storage_product_security", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured."}, {"lang": "es", "value": "Existe una falla en FlashArray por la cual la clave de cifrado de clave (KEK) se registra durante la rotaci\u00f3n de clave cuando se configura RDL."}], "lastModified": "2025-06-17T20:50:23.507", "sourceIdentifier": "[email protected]"}

CVE-2025-2327

JSON object

Attach tags to CVE-2025-2327

Attach tags to `CVE-2025-2327`