Security Bulletin: FlashArray KEK Logging Vulnerability (CVE-2025-2327)

Audience
Public
Product
FlashArray
Content Type
Source Type
Common Vulnerabilities and Exposures (CVE)

Security Bulletin: FlashArray KEK Logging Vulnerability (CVE-2025-2327)

Vulnerability Status: Final Source: Pure Storage Initial Publication Date: 2025-06-16 Last Updated: 2025-08-12 11:06:31

Summary:

A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.


CVE#: CVE-2025-2327

Severity (v3): 3 - Medium

Product(s): FlashArray

Version First Fixed: Purity//FA 6.5.11, Purity//FA 6.7.4, Purity//FA 6.8.6


References:

https://nvd.nist.gov/vuln/detail/CVE-2025-2327