CVSS: 4.4EPSS: 0%CPEs: 128EXPL: 0CVE-2025-20118 – Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-20118
26 Feb 2025 — A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful explo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.1EPSS: 0%CPEs: 61EXPL: 0CVE-2025-20161 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-20161
26 Feb 2025 — A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.1EPSS: 0%CPEs: 128EXPL: 0CVE-2025-20117 – Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-20117
26 Feb 2025 — A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.8EPSS: 0%CPEs: 128EXPL: 0CVE-2025-20116 – Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20116
26 Feb 2025 — A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the co... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 53EXPL: 0CVE-2025-20111 – Cisco Nexus 3000 and 9000 Series Switches Layer 2 Ethernet Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20111
26 Feb 2025 — A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2025-20211 – Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20211
19 Feb 2025 — A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbi... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-GDPgJ58P • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20153 – Cisco ESA mail Bypass
https://notcve.org/view.php?id=CVE-2025-20153
19 Feb 2025 — A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filter... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw • CWE-284: Improper Access Control •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20158 – Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-20158
19 Feb 2025 — A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default. This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnera... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 1197EXPL: 0CVE-2025-20169
https://notcve.org/view.php?id=CVE-2025-20169
05 Feb 2025 — A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affe... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW • CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 7.7EPSS: 0%CPEs: 595EXPL: 0CVE-2025-20175
https://notcve.org/view.php?id=CVE-2025-20175
05 Feb 2025 — A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affe... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW • CWE-805: Buffer Access with Incorrect Length Value •