CVE-2025-20348

CWE-201CWE-6934 documents4 sources
Severity
5.0MEDIUM
EPSS
0.1%
top 83.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus DashboardCisco Cisco Nexus Dashboard
Timeline
PublishedAug 27

Description

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

NVDcisco/nexus_dashboard< 4.1\(1g\)
CVEListV5cisco/cisco_nexus_dashboard39 versions+38

🔴Vulnerability Details

2
CVEList
Cisco Nexus Dashboard Unauthorized REST API Vulnerability2025-08-27
GHSA
GHSA-2f8p-x8rh-rm7r: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, lo2025-08-27

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities2025-08-27