VDB
CVE-2025-20287
CVE-2025-20287
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. To exploit this vulnerability, an attacker must have at least valid Config Managers credentials on the affected device.
EPSS 0.07% · 21.7th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.07%
21.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | evolved_programmable_network_manager | 0 |
| Cisco | Cisco Evolved Programmable Network Manager (EPNM) | 7.0.0, 7.1.1, 7.1.2.1 |
Exploit Intelligence
- CIRCL seen: CVE-2025-20287 (circl-sighting)
- cisco-sa-epni-arb-file-upload-jjdM2P83 (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Sep 3, 2025 CVE Published
- Sep 3, 2025 PoC Published
- Sep 4, 2025 EPSS Score
- Sep 5, 2025 CVE Updated
- Sep 9, 2025 Coalition ESS Score
- Sep 12, 2025 EPSS Score
- Sep 19, 2025 EPSS Score
- Sep 23, 2025 Coalition ESS Score
- Sep 27, 2025 EPSS Score
- Oct 4, 2025 EPSS Score
- Oct 12, 2025 EPSS Score