CVE-2025-20150Information Exposure via Error Message in Cisco Nexus Dashboard

CWE-209Information Exposure via Error Message4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 71.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus DashboardCisco Nexus Dashboard
Timeline
PublishedApr 16

Description

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/nexus_dashboard< 3.2\(2f\)
CVEListV5cisco/cisco_nexus_dashboard22 versions+21

🔴Vulnerability Details

2
CVEList
Cisco Nexus Dashboard Username Enumeration Vulnerability2025-04-16
GHSA
GHSA-6938-r83g-5rjp: A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts2025-04-16

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability2025-04-16
CVE-2025-20150 — Information Exposure via Error Message | cvebase