Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored...

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

Basic Information

ID CVE-2025-20280

Source cisco

Published Sep 3, 2025 at 17:40

Modified Sep 3, 2025 at 17:58

Affected Product

Vendor Cisco

Product Cisco Evolved Programmable Network Manager (EPNM)

Version 8.0.0

Affected Versions Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0
Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0.1
Cisco Cisco Prime Infrastructure 3.0.0
Cisco Cisco Prime Infrastructure 3.1.0
Cisco Cisco Prime Infrastructure 3.1.5
Cisco Cisco Prime Infrastructure 3.6.0
Cisco Cisco Prime Infrastructure 3.7.0
Cisco Cisco Prime Infrastructure 3.4.0
Cisco Cisco Prime Infrastructure 3.3.0
Cisco Cisco Prime Infrastructure 3.2
Cisco Cisco Prime Infrastructure 3.5.0
Cisco Cisco Prime Infrastructure 3.2.0-FIPS
Cisco Cisco Prime Infrastructure 3.8.0-FED
Cisco Cisco Prime Infrastructure 3.9.0
Cisco Cisco Prime Infrastructure 3.8.0
Cisco Cisco Prime Infrastructure 3.10.0
Cisco Cisco Prime Infrastructure 3.1.1
Cisco Cisco Prime Infrastructure 3.0.2
Cisco Cisco Prime Infrastructure 3.0.3
Cisco Cisco Prime Infrastructure 3.0.1
Cisco Cisco Prime Infrastructure 3.8.1
Cisco Cisco Prime Infrastructure 3.7.1
Cisco Cisco Prime Infrastructure 3.5.1
Cisco Cisco Prime Infrastructure 3.4.2
Cisco Cisco Prime Infrastructure 3.3.1
Cisco Cisco Prime Infrastructure 3.1.7
Cisco Cisco Prime Infrastructure 3.2.1
Cisco Cisco Prime Infrastructure 3.2.2
Cisco Cisco Prime Infrastructure 3.1.6
Cisco Cisco Prime Infrastructure 3.1.2
Cisco Cisco Prime Infrastructure 3.4.1
Cisco Cisco Prime Infrastructure 3.1.3
Cisco Cisco Prime Infrastructure 3.1.4
Cisco Cisco Prime Infrastructure 3.0.6
Cisco Cisco Prime Infrastructure 3.0.4
Cisco Cisco Prime Infrastructure 3.0.5
Cisco Cisco Prime Infrastructure 3.0.7
Cisco Cisco Prime Infrastructure 3.10.2
Cisco Cisco Prime Infrastructure 3.10.3
Cisco Cisco Prime Infrastructure 3.10
Cisco Cisco Prime Infrastructure 3.10.1
Cisco Cisco Prime Infrastructure 3.7.1 Update 03
Cisco Cisco Prime Infrastructure 3.7.1 Update 04
Cisco Cisco Prime Infrastructure 3.7.1 Update 06
Cisco Cisco Prime Infrastructure 3.7.1 Update 07
Cisco Cisco Prime Infrastructure 3.8.1 Update 01
Cisco Cisco Prime Infrastructure 3.8.1 Update 02
Cisco Cisco Prime Infrastructure 3.8.1 Update 03
Cisco Cisco Prime Infrastructure 3.8.1 Update 04
Cisco Cisco Prime Infrastructure 3.4.2 Update 01
Cisco Cisco Prime Infrastructure 3.6.0 Update 04
Cisco Cisco Prime Infrastructure 3.6.0 Update 02
Cisco Cisco Prime Infrastructure 3.6.0 Update 03
Cisco Cisco Prime Infrastructure 3.6.0 Update 01
Cisco Cisco Prime Infrastructure 3.5.1 Update 03
Cisco Cisco Prime Infrastructure 3.5.1 Update 01
Cisco Cisco Prime Infrastructure 3.5.1 Update 02
Cisco Cisco Prime Infrastructure 3.7.0 Update 03
Cisco Cisco Prime Infrastructure 3.8.0 Update 01
Cisco Cisco Prime Infrastructure 3.8.0 Update 02
Cisco Cisco Prime Infrastructure 3.7.1 Update 01
Cisco Cisco Prime Infrastructure 3.7.1 Update 02
Cisco Cisco Prime Infrastructure 3.7.1 Update 05
Cisco Cisco Prime Infrastructure 3.3.0 Update 01
Cisco Cisco Prime Infrastructure 3.4.1 Update 02
Cisco Cisco Prime Infrastructure 3.4.1 Update 01
Cisco Cisco Prime Infrastructure 3.5.0 Update 03
Cisco Cisco Prime Infrastructure 3.5.0 Update 01
Cisco Cisco Prime Infrastructure 3.5.0 Update 02
Cisco Cisco Prime Infrastructure 3.10.4
Cisco Cisco Prime Infrastructure 3.10.4 Update 01
Cisco Cisco Prime Infrastructure 3.10.4 Update 02
Cisco Cisco Prime Infrastructure 3.10.4 Update 03
Cisco Cisco Prime Infrastructure 3.10.5
Cisco Cisco Prime Infrastructure 3.10.6
Cisco Cisco Prime Infrastructure 3.10.6 Update 01

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-XjQZsyCP

{
    "lastseen": "",
    "description": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.",
    "published": "2025-09-03T17:40:21.391Z",
    "modified": "2025-09-03T17:58:33.904Z",
    "type": "cve",
    "title": "Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-XjQZsyCP",
    "id": "CVE-2025-20280",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0\nCisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0.1\nCisco Cisco Prime Infrastructure 3.0.0\nCisco Cisco Prime Infrastructure 3.1.0\nCisco Cisco Prime Infrastructure 3.1.5\nCisco Cisco Prime Infrastructure 3.6.0\nCisco Cisco Prime Infrastructure 3.7.0\nCisco Cisco Prime Infrastructure 3.4.0\nCisco Cisco Prime Infrastructure 3.3.0\nCisco Cisco Prime Infrastructure 3.2\nCisco Cisco Prime Infrastructure 3.5.0\nCisco Cisco Prime Infrastructure 3.2.0-FIPS\nCisco Cisco Prime Infrastructure 3.8.0-FED\nCisco Cisco Prime Infrastructure 3.9.0\nCisco Cisco Prime Infrastructure 3.8.0\nCisco Cisco Prime Infrastructure 3.10.0\nCisco Cisco Prime Infrastructure 3.1.1\nCisco Cisco Prime Infrastructure 3.0.2\nCisco Cisco Prime Infrastructure 3.0.3\nCisco Cisco Prime Infrastructure 3.0.1\nCisco Cisco Prime Infrastructure 3.8.1\nCisco Cisco Prime Infrastructure 3.7.1\nCisco Cisco Prime Infrastructure 3.5.1\nCisco Cisco Prime Infrastructure 3.4.2\nCisco Cisco Prime Infrastructure 3.3.1\nCisco Cisco Prime Infrastructure 3.1.7\nCisco Cisco Prime Infrastructure 3.2.1\nCisco Cisco Prime Infrastructure 3.2.2\nCisco Cisco Prime Infrastructure 3.1.6\nCisco Cisco Prime Infrastructure 3.1.2\nCisco Cisco Prime Infrastructure 3.4.1\nCisco Cisco Prime Infrastructure 3.1.3\nCisco Cisco Prime Infrastructure 3.1.4\nCisco Cisco Prime Infrastructure 3.0.6\nCisco Cisco Prime Infrastructure 3.0.4\nCisco Cisco Prime Infrastructure 3.0.5\nCisco Cisco Prime Infrastructure 3.0.7\nCisco Cisco Prime Infrastructure 3.10.2\nCisco Cisco Prime Infrastructure 3.10.3\nCisco Cisco Prime Infrastructure 3.10\nCisco Cisco Prime Infrastructure 3.10.1\nCisco Cisco Prime Infrastructure 3.7.1 Update 03\nCisco Cisco Prime Infrastructure 3.7.1 Update 04\nCisco Cisco Prime Infrastructure 3.7.1 Update 06\nCisco Cisco Prime Infrastructure 3.7.1 Update 07\nCisco Cisco Prime Infrastructure 3.8.1 Update 01\nCisco Cisco Prime Infrastructure 3.8.1 Update 02\nCisco Cisco Prime Infrastructure 3.8.1 Update 03\nCisco Cisco Prime Infrastructure 3.8.1 Update 04\nCisco Cisco Prime Infrastructure 3.4.2 Update 01\nCisco Cisco Prime Infrastructure 3.6.0 Update 04\nCisco Cisco Prime Infrastructure 3.6.0 Update 02\nCisco Cisco Prime Infrastructure 3.6.0 Update 03\nCisco Cisco Prime Infrastructure 3.6.0 Update 01\nCisco Cisco Prime Infrastructure 3.5.1 Update 03\nCisco Cisco Prime Infrastructure 3.5.1 Update 01\nCisco Cisco Prime Infrastructure 3.5.1 Update 02\nCisco Cisco Prime Infrastructure 3.7.0 Update 03\nCisco Cisco Prime Infrastructure 3.8.0 Update 01\nCisco Cisco Prime Infrastructure 3.8.0 Update 02\nCisco Cisco Prime Infrastructure 3.7.1 Update 01\nCisco Cisco Prime Infrastructure 3.7.1 Update 02\nCisco Cisco Prime Infrastructure 3.7.1 Update 05\nCisco Cisco Prime Infrastructure 3.3.0 Update 01\nCisco Cisco Prime Infrastructure 3.4.1 Update 02\nCisco Cisco Prime Infrastructure 3.4.1 Update 01\nCisco Cisco Prime Infrastructure 3.5.0 Update 03\nCisco Cisco Prime Infrastructure 3.5.0 Update 01\nCisco Cisco Prime Infrastructure 3.5.0 Update 02\nCisco Cisco Prime Infrastructure 3.10.4\nCisco Cisco Prime Infrastructure 3.10.4 Update 01\nCisco Cisco Prime Infrastructure 3.10.4 Update 02\nCisco Cisco Prime Infrastructure 3.10.4 Update 03\nCisco Cisco Prime Infrastructure 3.10.5\nCisco Cisco Prime Infrastructure 3.10.6\nCisco Cisco Prime Infrastructure 3.10.6 Update 01",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Evolved Programmable Network Manager (EPNM)",
    "version": "8.0.0",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability_CVE-2025-20280

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply