CVE-2025-20347Protection Mechanism Failure in Cisco Nexus Dashboard

CWE-693Protection Mechanism FailureCWE-201Sensitive Info Insertion into Sent Data4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 84.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus DashboardCisco Data Center Network Manager
Timeline
PublishedAug 27

Description

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDcisco/nexus_dashboard< 4.1\(1g\)
CVEListV5cisco/cisco_data_center_network_manager40 versions+39

🔴Vulnerability Details

2
CVEList
Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability2025-08-27
GHSA
GHSA-2cfq-jpg3-8hhw: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, lo2025-08-27

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities2025-08-27
CVE-2025-20347 — Protection Mechanism Failure in Cisco | cvebase