CVE-2025-20270

Severity
6.5 MEDIUM
EPSS
0.1%
top 83.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 3
Latest update: Sep 9

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged us

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 4 packages

🔴 Vulnerability Details

2
GHSA
GHSA-rxmg-x4qr-j69v: A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow (2025-09-09)
CVEList
Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability (2025-09-03)

📋 Vendor Advisories

2
Cisco
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Information Disclosure Vulnerability (2025-09-03)
Microsoft
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file as demonstrated by input that only c (2021-03-09)