Input Validation Flaw in Cisco UCS Manager Software Allows File Manipulation
CVE-2025-20295

6 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 27 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-20295?

A vulnerability in the Command Line Interface (CLI) of Cisco UCS Manager Software may allow an authenticated, local attacker with administrative privileges to read, create, or overwrite files on the underlying operating system's file system, including critical system files. The issue originates from inadequate input validation of user-supplied command arguments, which lets an attacker submit specially crafted input to the CLI. Successful exploitation could jeopardize the integrity and availability of affected devices. The attacker must possess valid administrative credentials.

Affected Version(s)

Cisco Unified Computing System (Managed) 4.0(1a)

Cisco Unified Computing System (Managed) 4.1(1d)

Cisco Unified Computing System (Managed) 4.0(4f)

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
