VDB
CVE-2025-20344
CVE-2025-20344
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device.
EPSS 0.14% · 34.1th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.14%
34.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | nexus_dashboard | 0 |
| Cisco | Cisco Nexus Dashboard | 1.1(0d), 1.1(2i), 2.0(1b) |
Exploit Intelligence
- cisco-sa-nd-ptrs-XU2Fm2Wb (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Aug 27, 2025 Coalition ESS Score
- Aug 27, 2025 CVE Published
- Aug 28, 2025 EPSS Score
- Sep 1, 2025 Coalition ESS Score
- Sep 5, 2025 EPSS Score
- Sep 8, 2025 Coalition ESS Score
- Sep 13, 2025 EPSS Score
- Sep 20, 2025 EPSS Score
- Sep 28, 2025 EPSS Score
- Oct 3, 2025 Coalition ESS Score
- Oct 6, 2025 EPSS Score