CVE-2025-20119
MEDIUMCisco APIC Authenticated DoS via Race Condition in File Permissions
Title source: llmDescription
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition.
References (1)
Core 1
Core References
Scores
CVSS v3
6.0
EPSS
0.0004
EPSS Percentile
12.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-362
Status
published
Products (50)
cisco/application_policy_infrastructure_controller
3.2\(1l\)
cisco/application_policy_infrastructure_controller
3.2\(1m\)
cisco/application_policy_infrastructure_controller
3.2\(2l\)
cisco/application_policy_infrastructure_controller
3.2\(2o\)
cisco/application_policy_infrastructure_controller
3.2\(3i\)
cisco/application_policy_infrastructure_controller
3.2\(3j\)
cisco/application_policy_infrastructure_controller
3.2\(3n\)
cisco/application_policy_infrastructure_controller
3.2\(3o\)
cisco/application_policy_infrastructure_controller
3.2\(3r\)
cisco/application_policy_infrastructure_controller
3.2\(3s\)
... and 40 more
Published
Feb 26, 2025
Tracked Since
Feb 18, 2026