CVE-2025-20347 MEDIUM

CVE-2025-20347: Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

Vendor Cisco
Product Cisco Data Center Network Manager
Weakness CWE-693
Published August 27, 2025
Last update August 27, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device.

Key dates

02Disclosure timeline

August 27, 2025 CVE published
August 27, 2025 Record updated