CVE 4.3 MEDIUM

Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability_CVE-2025-20270

September 3, 2025 invoker category_cve
4.3 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system.

This vulnerability is due to improper validation of requests to API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive configuration information on the affected system that should be restricted. To exploit this vulnerability, an attacker must have access as a low-privileged user.  

Basic Information

ID CVE-2025-20270
Source cisco
Published Sep 3, 2025 at 17:39

Affected Product

Vendor Cisco
Product Cisco Evolved Programmable Network Manager (EPNM)
Version 7.0.0
Affected Versions Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.0.0
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.2.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.0.1.3
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.3
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.2
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.0.1.2
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.0.1.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.0.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.0
Cisco Cisco Prime Infrastructure 3.9.0
Cisco Cisco Prime Infrastructure 3.10.0
Cisco Cisco Prime Infrastructure 3.9.1
Cisco Cisco Prime Infrastructure 3.10.2
Cisco Cisco Prime Infrastructure 3.10.3
Cisco Cisco Prime Infrastructure 3.10
Cisco Cisco Prime Infrastructure 3.10.1
Cisco Cisco Prime Infrastructure 3.9.1 Update 01
Cisco Cisco Prime Infrastructure 3.9.1 Update 02
Cisco Cisco Prime Infrastructure 3.9.1 Update 03
Cisco Cisco Prime Infrastructure 3.9.1 Update 04
Cisco Cisco Prime Infrastructure 3.9.0 Update 01
Cisco Cisco Prime Infrastructure 3.10.4
Cisco Cisco Prime Infrastructure 3.10.4 Update 01
Cisco Cisco Prime Infrastructure 3.10.4 Update 02
Cisco Cisco Prime Infrastructure 3.10.4 Update 03
Cisco Cisco Prime Infrastructure 3.10.5
Cisco Cisco Prime Infrastructure 3.10.6
Cisco Cisco Prime Infrastructure 3.10.6 Update 01

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.