CVE-2025-20344Path Traversal in Cisco Nexus Dashboard

CWE-22Path Traversal4 documents4 sources
Severity
7.2HIGHNVD
CNA6.5
EPSS
0.1%
top 73.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus DashboardCisco Nexus Dashboard
Timeline
PublishedAug 27

Description

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying she

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDcisco/nexus_dashboard< 4.1\(1g\)
CVEListV5cisco/cisco_nexus_dashboard39 versions+38

🔴Vulnerability Details

2
CVEList
Cisco Nexus Dashboard Path Traversal Vulnerability2025-08-27
GHSA
GHSA-r35c-j587-4x58: A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal2025-08-27

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard Path Traversal Vulnerability2025-08-27
CVE-2025-20344 — Path Traversal in Cisco | cvebase