CVE-2025-20292

CWE-78 — OS Command Injection4 documents4 sources

Severity

4.4MEDIUM

EPSS

0.2%

top 61.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Nx-os Software Cisco Cisco Nx-os System Software IN ACI Mode Cisco Cisco Unified Computing System (managed)

Timeline

PublishedAug 27

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by entering crafted input as the argument of an affected CLI command. A successful e…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5cisco/cisco_nx-os_system_software_in_aci_mode135 versions+134

▶CVEListV5cisco/cisco_unified_computing_system_(managed)84 versions+83

▶CVEListV5cisco/cisco_nx-os_software222 versions+221

🔴Vulnerability Details

CVEList

Cisco NXOS Software Command Injection Vulnerability↗2025-08-27

▶

GHSA

GHSA-hp2g-vg39-xg22: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlyin↗2025-08-27

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software Command Injection Vulnerability↗2025-08-27

▶