CVE-2025-20269
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/08/2025
Last modified:
10/09/2025
Description
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the underlying file system on an affected device.<br />
<br />
This vulnerability is due to insufficient input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface on an affected device. A successful exploit could allow the attacker to access&nbsp;sensitive files from the affected device.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* | 7.1.0 (including) | |
| cpe:2.3:a:cisco:evolved_programmable_network_manager:8.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:evolved_programmable_network_manager:8.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* | 3.9 (including) | |
| cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* | 3.10 (including) | 3.10.6 (including) |
| cpe:2.3:a:cisco:prime_infrastructure:3.10.6:security_update_01:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-TET4GxBX
- https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682