cbcvebase.
CVE-2025-20272
published 2025-07-16

CVE-2025-20272: A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.

Affected

440 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager
ciscocisco_evolved_programmable_network_manager