Description
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.
Reserved 2024-10-10 | Published 2025-07-16 | Updated 2025-07-16 | Assigner: cisco
MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Default status
unknown
3.0.1
affected
3.1.2
affected
1.2
affected
3.1.1
affected
3.1.3
affected
3.1
affected
3.0.3
affected
3.0.2
affected
3.0
affected
2.2
affected
1.1
affected
2.1
affected
2.0
affected
4.1
affected
4.1.1
affected
4.0.3
affected
4.0.1
affected
4.0.2
affected
4.0
affected
5.0
affected
5.0.1
affected
5.1.1
affected
5.1
affected
5.0.2
affected
5.1.2
affected
5.1.3
affected
5.1.4
affected
6.1.1
affected
6.1
affected
6.0.0
affected
6.0.1
affected
6.0.2
affected
7.0.0
affected
1.2.5
affected
1.2.6
affected
2.0.1
affected
1.2.2
affected
1.2.3
affected
1.2.4
affected
1.2.7
affected
1.2.1.2
affected
2.2.1
affected
2.1.3
affected
2.0.2
affected
2.0.3
affected
2.1.2
affected
2.0.4
affected
2.1.1
affected
5.0.2.5
affected
5.1.4.3
affected
6.0.2.1
affected
6.1.1.1
affected
5.0.2.1
affected
5.0.2.2
affected
5.0.2.3
affected
5.0.2.4
affected
5.1.4.1
affected
5.1.4.2
affected
2.1.4
affected
2.2.4
affected
2.2.3
affected
2.2.5
affected
5.1.3.2
affected
5.1.3.1
affected
6.0.1.1
affected
4.1.1.2
affected
4.1.1.1
affected
4.0.3.1
affected
2.0.1.1
affected
2.1.1.3
affected
2.1.1.1
affected
2.1.1.4
affected
2.0.4.2
affected
2.0.4.1
affected
2.1.2.2
affected
2.1.2.3
affected
2.0.2.1
affected
2.1.3.4
affected
2.1.3.3
affected
2.1.3.2
affected
2.1.3.5
affected
2.2.1.2
affected
2.2.1.1
affected
2.2.1.4
affected
2.2.1.3
affected
1.2.4.2
affected
1.2.2.4
affected
6.0.3
affected
5.1.4.4
affected
5.0.2.6
affected
6.0.3.1
affected
6.1.2
affected
6.1.1.2.2
affected
6.1.2.1
affected
6.1.2.2
affected
7.1.1
affected
7.1.2.1
affected
7.0.1.3
affected
7.1.3
affected
7.1.2
affected
7.0.1.2
affected
7.0.1.1
affected
7.0.1
affected
7.1.0
affected
8.0.0
affected
6.1.2.3
affected
8.0.0.1
affected
7.1.3.1
affected
7.1.4
affected
8.1.0
affected
Default status
unknown
3.0.0
affected
3.1.0
affected
3.1.5
affected
2.1
affected
2.0.0
affected
3.6.0
affected
3.7.0
affected
3.4.0
affected
3.3.0
affected
3.2
affected
3.5.0
affected
3.2.0-FIPS
affected
2.2
affected
3.8.0-FED
affected
3.9.0
affected
3.8.0
affected
3.10.0
affected
3.1.1
affected
2.1.2
affected
2.2.1
affected
2.2.0
affected
3.0.2
affected
3.0.3
affected
3.0.1
affected
2.2.2
affected
2.2.3
affected
2.1.0
affected
2.1.1
affected
3.9.1
affected
2.0.10
affected
3.8.1
affected
3.7.1
affected
3.5.1
affected
3.4.2
affected
3.3.1
affected
3.1.7
affected
3.2.1
affected
3.2.2
affected
3.1.6
affected
3.1.2
affected
3.4.1
affected
3.1.3
affected
3.1.4
affected
3.0.6
affected
2.2.10
affected
3.0.4
affected
3.0.5
affected
2.1.56
affected
2.2.4
affected
2.2.9
affected
2.2.8
affected
2.2.5
affected
2.2.7
affected
2.0.39
affected
3.8_DP1
affected
3.9_DP1
affected
3.7_DP2
affected
3.6_DP1
affected
3.5_DP4
affected
3.5_DP2
affected
3.4_DP10
affected
3.7_DP1
affected
3.5_DP3
affected
3.4_DP11
affected
3.5_DP1
affected
3.4_DP8
affected
3.4_DP1
affected
3.4_DP3
affected
3.4_DP5
affected
3.4_DP2
affected
3.4_DP7
affected
3.4_DP6
affected
3.3_DP4
affected
3.4_DP4
affected
3.4_DP9
affected
3.1_DP16
affected
3.3_DP2
affected
3.3_DP3
affected
3.1_DP15
affected
3.3_DP1
affected
3.1_DP13
affected
3.2_DP2
affected
3.2_DP1
affected
3.2_DP3
affected
3.1_DP14
affected
3.2_DP4
affected
3.1_DP7
affected
3.1_DP10
affected
3.1_DP11
affected
3.1_DP4
affected
3.1_DP6
affected
3.1_DP12
affected
3.1_DP5
affected
3.0.7
affected
3.1_DP9
affected
3.1_DP8
affected
3.10_DP1
affected
3.10.2
affected
3.10.3
affected
3.10
affected
3.10.1
affected
3.7.1 Update 03
affected
3.7.1 Update 04
affected
3.7.1 Update 06
affected
3.7.1 Update 07
affected
3.8.1 Update 01
affected
3.8.1 Update 02
affected
3.8.1 Update 03
affected
3.8.1 Update 04
affected
3.9.1 Update 01
affected
3.9.1 Update 02
affected
3.9.1 Update 03
affected
3.9.1 Update 04
affected
3.10 Update 01
affected
3.4.2 Update 01
affected
3.6.0 Update 04
affected
3.6.0 Update 02
affected
3.6.0 Update 03
affected
3.6.0 Update 01
affected
3.5.1 Update 03
affected
3.5.1 Update 01
affected
3.5.1 Update 02
affected
3.7.0 Update 03
affected
2.2.3 Update 05
affected
2.2.3 Update 04
affected
2.2.3 Update 06
affected
2.2.3 Update 03
affected
2.2.3 Update 02
affected
2.2.1 Update 01
affected
2.2.2 Update 03
affected
2.2.2 Update 04
affected
3.8.0 Update 01
affected
3.8.0 Update 02
affected
3.7.1 Update 01
affected
3.7.1 Update 02
affected
3.7.1 Update 05
affected
3.9.0 Update 01
affected
3.3.0 Update 01
affected
3.4.1 Update 02
affected
3.4.1 Update 01
affected
3.5.0 Update 03
affected
3.5.0 Update 01
affected
3.5.0 Update 02
affected
3.10.4
affected
3.10.4 Update 01
affected
3.10.4 Update 02
affected
3.10.4 Update 03
affected
3.10.5
affected
3.10.6
affected
3.10.6 Update 01
affected
References
sec.cloudapps.cisco.com/...sory/cisco-sa-piepnm-bsi-25JJqsbb (cisco-sa-piepnm-bsi-25JJqsbb)
cve.org (CVE-2025-20272)
nvd.nist.gov (CVE-2025-20272)