CVE-2025-20257

Medienbericht

EPSS 0.2%
Veröffentlicht 21.05.2025 16:20:06
Zuletzt bearbeitet 23.07.2025 17:39:29
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Secure Network Analytics API Authorization Vulnerability

A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product.

Thi vulnerability is due to insufficient authorization enforcement on a specific API. An attacker could exploit this vulnerability by authenticating as a low-privileged user and performing API calls with crafted input. A successful exploit could allow the attacker to obfuscate legitimate findings in analytics reports or create false indications with alarms and alerts on an affected device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Secure Network Analytics Version7.5.2 Update-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.412

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.heise.de/news/Sicherheitsupdates-Cisco-Angreifer-koennen-Alarme-ausloesen-10393971.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-apiacv-4B6X5ysw

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-20257

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20257

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20257

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-20257