CVE-2025-20294OS Command Injection in Cisco Unified Computing System

CWE-78OS Command Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 84.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Computing System
Timeline
PublishedAug 27

Description

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. These vulnerabilities are due to insufficient input validation of command arguments supplied by the user. An attacker could exploit these vulnerabilities by authenticating to a device and submitting crafted input to the affected c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

CVEListV5cisco/cisco_unified_computing_system105 versions+104

🔴Vulnerability Details

2
CVEList
Cisco UCS Manager Software Command Injection Vulnerability2025-08-27
GHSA
GHSA-66vr-3cp3-25g7: Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker wit2025-08-27

📋Vendor Advisories

1
Cisco
Cisco UCS Manager Software Command Injection Vulnerabilities2025-08-27
CVE-2025-20294 — OS Command Injection in Cisco | cvebase