Network Configuration Access Control Flaw in Cisco IOS XE Software
CVE-2025-20214
What is CVE-2025-20214?
A security flaw in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software enables an authenticated remote attacker to gain unauthorized read access to sensitive configuration or operational data. This issue arises from a change in the inner API call behavior, leading to incorrect filtering of results. Attackers can exploit this vulnerability via NETCONF, RESTCONF, or gRPC Network Management Interface (gNMI) protocols to query data on paths that should be blocked by the NACM configuration. Successful exploitation allows access to restricted data, especially if the attacker has obtained valid user credentials with lower privileges.

Affected Version(s)
Cisco IOS XE Software 17.11.1
Cisco IOS XE Software 17.11.1a
Cisco IOS XE Software 17.12.1
References
CVSS V3.1
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved