{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20270", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.245Z", "datePublished": "2025-09-03T17:39:46.331Z", "dateUpdated": "2025-09-05T17:05:56.337Z"}, "containers": {"cna": {"title": "Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system.\r\n\r\nThis vulnerability is due to improper validation of requests to API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive configuration information on the affected system that should be restricted. To exploit this vulnerability, an attacker must have access as a low-privileged user.  "}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-dis-zhPPMfgz", "name": "cisco-sa-epnm-info-dis-zhPPMfgz"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-epnm-info-dis-zhPPMfgz", "discovery": "EXTERNAL", "defects": ["CSCwn55506"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "type": "cwe", "cweId": "CWE-200"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Evolved Programmable Network Manager (EPNM)", "versions": [{"version": "7.0.0", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "7.1.2.1", "status": "affected"}, {"version": "7.0.1.3", "status": "affected"}, {"version": "7.1.3", "status": "affected"}, {"version": "7.1.2", "status": "affected"}, {"version": "7.0.1.2", "status": "affected"}, {"version": "7.0.1.1", "status": "affected"}, {"version": "7.0.1", "status": "affected"}, {"version": "7.1.0", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Prime Infrastructure", "versions": [{"version": "3.9.0", "status": "affected"}, {"version": "3.10.0", "status": "affected"}, {"version": "3.9.1", "status": "affected"}, {"version": "3.10.2", "status": "affected"}, {"version": "3.10.3", "status": "affected"}, {"version": "3.10", "status": "affected"}, {"version": "3.10.1", "status": "affected"}, {"version": "3.9.1 Update 01", "status": "affected"}, {"version": "3.9.1 Update 02", "status": "affected"}, {"version": "3.9.1 Update 03", "status": "affected"}, {"version": "3.9.1 Update 04", "status": "affected"}, {"version": "3.9.0 Update 01", "status": "affected"}, {"version": "3.10.4", "status": "affected"}, {"version": "3.10.4 Update 01", "status": "affected"}, {"version": "3.10.4 Update 02", "status": "affected"}, {"version": "3.10.4 Update 03", "status": "affected"}, {"version": "3.10.5", "status": "affected"}, {"version": "3.10.6", "status": "affected"}, {"version": "3.10.6 Update 01", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-09-03T17:39:46.331Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-03T17:59:26.779785Z", "id": "CVE-2025-20270", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-05T17:05:56.337Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20270", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.245Z", "datePublished": "2025-09-03T17:39:46.331Z", "dateUpdated": "2025-09-05T17:05:56.337Z"}, "containers": {"cna": {"title": "Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system.\r\n\r\nThis vulnerability is due to improper validation of requests to API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive configuration information on the affected system that should be restricted. To exploit this vulnerability, an attacker must have access as a low-privileged user.  "}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-dis-zhPPMfgz", "name": "cisco-sa-epnm-info-dis-zhPPMfgz"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-epnm-info-dis-zhPPMfgz", "discovery": "EXTERNAL", "defects": ["CSCwn55506"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "type": "cwe", "cweId": "CWE-200"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Evolved Programmable Network Manager (EPNM)", "versions": [{"version": "7.0.0", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "7.1.2.1", "status": "affected"}, {"version": "7.0.1.3", "status": "affected"}, {"version": "7.1.3", "status": "affected"}, {"version": "7.1.2", "status": "affected"}, {"version": "7.0.1.2", "status": "affected"}, {"version": "7.0.1.1", "status": "affected"}, {"version": "7.0.1", "status": "affected"}, {"version": "7.1.0", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Prime Infrastructure", "versions": [{"version": "3.9.0", "status": "affected"}, {"version": "3.10.0", "status": "affected"}, {"version": "3.9.1", "status": "affected"}, {"version": "3.10.2", "status": "affected"}, {"version": "3.10.3", "status": "affected"}, {"version": "3.10", "status": "affected"}, {"version": "3.10.1", "status": "affected"}, {"version": "3.9.1 Update 01", "status": "affected"}, {"version": "3.9.1 Update 02", "status": "affected"}, {"version": "3.9.1 Update 03", "status": "affected"}, {"version": "3.9.1 Update 04", "status": "affected"}, {"version": "3.9.0 Update 01", "status": "affected"}, {"version": "3.10.4", "status": "affected"}, {"version": "3.10.4 Update 01", "status": "affected"}, {"version": "3.10.4 Update 02", "status": "affected"}, {"version": "3.10.4 Update 03", "status": "affected"}, {"version": "3.10.5", "status": "affected"}, {"version": "3.10.6", "status": "affected"}, {"version": "3.10.6 Update 01", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-09-03T17:39:46.331Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-03T17:59:26.779785Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T17:59:16.109Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system.\r\n\r\nThis vulnerability is due to improper validation of requests to API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive configuration information on the affected system that should be restricted. To exploit this vulnerability, an attacker must have access as a low-privileged user.  "}], "id": "CVE-2025-20270", "lastModified": "2025-09-04T15:35:29.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2025-09-03T18:15:32.900", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-dis-zhPPMfgz"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"created": "2025-09-04T13:12:21.653876+00:00", "updated": "2025-09-04T13:12:21.653969+00:00", "vendors": ["cisco", "cisco$PRODUCT$evolved_programmable_network_manager", "cisco$PRODUCT$prime_infrastructure"]}