CVE-2025-20295: OS Command Injection in Cisco Unified Computing System

Severity: 6.0 MEDIUM (NVD)
EPSS: 0.0% (top 94.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 27

Description

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files. This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affec

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 0.8 | Impact: 5.2

Affected Packages (1 package)

CVEListV5: cisco/cisco_unified_computing_system (105 versions)

🔴 Vulnerability Details (2)

CVEList: Cisco UCS Manager Software Command Injection Vulnerability (2025-08-27)
GHSA: GHSA-g93h-9p7r-vhfm: A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create (2025-08-27)

📋 Vendor Advisories (1)

Cisco: Cisco UCS Manager Software Command Injection Vulnerabilities (2025-08-27)