CVE-2025-20269
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-10
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | evolved_programmable_network_manager | to 7.1.0 (inc) |
| cisco | evolved_programmable_network_manager | 8.0.0 |
| cisco | evolved_programmable_network_manager | 8.1.0 |
| cisco | prime_infrastructure | to 3.9 (inc) |
| cisco | prime_infrastructure | From 3.10 (inc) to 3.10.6 (inc) |
| cisco | prime_infrastructure | 3.10.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. It allows an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the underlying file system by sending specially crafted HTTP requests due to insufficient input validation.
How can this vulnerability impact me? :
The vulnerability could allow an attacker with low privileges to access sensitive files on the affected device, potentially exposing confidential information and compromising the security of the system.