CVE-2025-20272

CWE-89: SQL Injection | 4 documents | 4 sources
Severity: 4.3 MEDIUM
EPSS: 0.1% (top 80.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 16

Description

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected de

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 4 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-c34r-h49j-vq6w: A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authentica (2025-07-16)
CVEList: Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Blind SQL Injection Vulnerability (2025-07-16)

📋 Vendor Advisories (1)

Cisco: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability (2025-07-16)
CVE-2025-20272 (MEDIUM CVSS 4.3) | A vulnerability in a subset of REST | cvebase.io