CVE-2025-20287
published 2025-09-03CVE-2025-20287: A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to…
PriorityP265high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.29%
21.2th percentile
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. To exploit this vulnerability, an attacker must have at least valid Config Managers credentials on the affected device.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | cisco_evolved_programmable_network_manager | — | — |
| cisco | evolved_programmable_network_manager | <= 8.0.0 | — |
| cisco | evolved_programmable_network_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit targets a specific API endpoint via a crafted file upload request to the web-based management interface of Cisco EPNM; monitor for anomalous multipart/file upload HTTP requests to EPNM API endpoints from authenticated sessions with Config Manager-level credentials. ↗
- →Exploitation requires at least Config Manager credentials; alert on privilege-level Config Manager accounts performing file upload operations, especially uploading unexpected file types. ↗
- →Track Cisco bug ID CSCwn55548 for vendor patch and additional technical details that may surface specific endpoint paths or file type indicators. ↗
- ·No workarounds are available for this vulnerability; the only remediation is applying the vendor-released software update. ↗
- ·The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type); detection logic should focus on file type/extension validation bypass patterns at EPNM upload endpoints. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-64x3-j6cg-vq4h: A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attack
ghsa_unreviewed·2025-09-09
CVE-2025-20287 [HIGH] CWE-434 GHSA-64x3-j6cg-vq4h: A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attack
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. To exploit this vulnerability, an attacker must have at least valid Config Managers credentials on the affected device.
Cisco
Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability
vendor_cisco·2025-09-03·CVSS 4.3
CVE-2025-20287 [MEDIUM] CWE-434 Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability
Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. To exploit this vulnerability, an attacker must have at least valid Config Managers credentials on the affected device.
Cisco has released software updates that address this vulnerability. The
Cisco
Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability
vendor_cisco·CVSS 3.1
CVE-2025-20287 Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability
CVE-2025-20287: Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. To exploit this vulnerability, an attacker must have at least valid Config Managers credentials on the affected device. Cisco has released software updates that address this vulne
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-03
Published