CVE-2025-20348
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-09-08
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | nexus_dashboard | to 4.1(1g) (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC). Some REST API endpoints are missing authorization controls, which an authenticated, low-privileged, remote attacker could exploit by sending crafted API requests. The attacker could then view sensitive information or upload and modify files on the affected device, potentially performing limited Administrator functions such as accessing HTTP Proxy and NTP configuration details and damaging image files.
How can this vulnerability impact me?
The vulnerability could allow an attacker with low privileges to gain access to sensitive configuration information and perform limited administrative actions on the affected device. This could lead to unauthorized disclosure of sensitive data, modification or damage of important files, and potential disruption of device operations.