CVE-2025-20269

CVE Database · CVE-2025-20269

CVE-2025-20269

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

0.39%

Published

Aug 20, 2025

Modified

Sep 10, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the underlying file system on an affected device. This vulnerability is due to insufficient input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface on an affected device. A successful exploit could allow the attacker to access sensitive files from the affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-73

Affected Products (6)

cisco · evolved_programmable_network_managervulnerable

cisco · prime_infrastructurevulnerable

References (4)

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820

Permissions RequiredProduct

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

Not Applicable

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-TET4GxBX

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682

Not Applicable

KEV Catalog EPSS Scores Vendors All CVEs