CVSS: 5.5EPSS: 0%CPEs: 273EXPL: 0CVE-2025-20213 – Cisco Catalyst SDWAN Manager Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2025-20213
07 May 2025 — A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials with CLI access on the affected system. This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by running a series of crafted co... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •