Command Injection Vulnerability in Cisco NX-OS Software
CVE-2025-20292

4.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Nx-os Software; Cisco Nx-os System Software In Aci Mode; Cisco Unified Computing System (managed)
Vendor: CVE Published:; 27 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-20292?

A vulnerability in the command-line interface (CLI) of Cisco NX-OS Software permits authenticated local attackers to perform command injection. This flaw arises from inadequate validation of user-supplied input, allowing an attacker with valid user credentials to manipulate command arguments. Successful exploitation enables unauthorized reading and writing of files on the device's operating system, restricted to the permissions of the non-root user account. This vulnerability poses a significant risk as it can lead to unauthorized file system access and compromise the integrity of the system.

Affected Version(s)

Cisco NX-OS Software 8.2(5)

Cisco NX-OS Software 7.3(6)N1(1a)

Cisco NX-OS Software 7.3(5)D1(1)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 27, 2025
Vulnerability published
Aug 27, 2025
Vulnerability Reserved
Oct 10, 2024