CVE-2025-20270

MEDIUM

Cisco EPNM/Prime Infrastructure - Info Disclosure

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive configuration information on the affected system that should be restricted. To exploit this vulnerability, an attacker must have access as a low-privileged user.  

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-dis-zhPPMfgz

Scores

CVSS v3 4.3

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

cisco/evolved_programmable_network_manager < 7.1.0

cisco/prime_infrastructure < 3.9

Published Sep 03, 2025

Tracked Since Feb 18, 2026