CVE-2025-20272

Media report

EPSS 0.05%
Published 16.07.2025 16:16:28
Last modified 31.07.2025 15:15:35
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Prime Infrastructure Version2.0.0

Cisco ≫ Prime Infrastructure Version2.0.10

Cisco ≫ Prime Infrastructure Version2.0.39

Cisco ≫ Prime Infrastructure Version2.1

Cisco ≫ Prime Infrastructure Version2.1.0

Cisco ≫ Prime Infrastructure Version2.1.1

Cisco ≫ Prime Infrastructure Version2.1.2

Cisco ≫ Prime Infrastructure Version2.1.56

Cisco ≫ Prime Infrastructure Version2.2

Cisco ≫ Prime Infrastructure Version2.2.0

Cisco ≫ Prime Infrastructure Version2.2.1 Update-

Cisco ≫ Prime Infrastructure Version2.2.1 Updateupdate01

Cisco ≫ Prime Infrastructure Version2.2.2 Update-

Cisco ≫ Prime Infrastructure Version2.2.2 Updateupdate03

Cisco ≫ Prime Infrastructure Version2.2.2 Updateupdate04

Cisco ≫ Prime Infrastructure Version2.2.3 Update-

Cisco ≫ Prime Infrastructure Version2.2.3 Updateupdate02

Cisco ≫ Prime Infrastructure Version2.2.3 Updateupdate03

Cisco ≫ Prime Infrastructure Version2.2.3 Updateupdate04

Cisco ≫ Prime Infrastructure Version2.2.3 Updateupdate05

Cisco ≫ Prime Infrastructure Version2.2.3 Updateupdate06

Cisco ≫ Prime Infrastructure Version2.2.4

Cisco ≫ Prime Infrastructure Version2.2.5

Cisco ≫ Prime Infrastructure Version2.2.7

Cisco ≫ Prime Infrastructure Version2.2.8

Cisco ≫ Prime Infrastructure Version2.2.9

Cisco ≫ Prime Infrastructure Version2.2.10

Cisco ≫ Prime Infrastructure Version3.0.0

Cisco ≫ Prime Infrastructure Version3.0.1

Cisco ≫ Prime Infrastructure Version3.0.2

Cisco ≫ Prime Infrastructure Version3.0.3

Cisco ≫ Prime Infrastructure Version3.0.4

Cisco ≫ Prime Infrastructure Version3.0.5

Cisco ≫ Prime Infrastructure Version3.0.6

Cisco ≫ Prime Infrastructure Version3.0.7

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack10

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack11

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack12

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack13

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack14

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack15

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack16

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack4

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack5

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack6

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack7

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack8

Cisco ≫ Prime Infrastructure Version3.1 Updatedevice_pack9

Cisco ≫ Prime Infrastructure Version3.1.0

Cisco ≫ Prime Infrastructure Version3.1.1

Cisco ≫ Prime Infrastructure Version3.1.2

Cisco ≫ Prime Infrastructure Version3.1.3

Cisco ≫ Prime Infrastructure Version3.1.4

Cisco ≫ Prime Infrastructure Version3.1.5

Cisco ≫ Prime Infrastructure Version3.1.6

Cisco ≫ Prime Infrastructure Version3.1.7

Cisco ≫ Prime Infrastructure Version3.2 Update-

Cisco ≫ Prime Infrastructure Version3.2 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.2 Updatedevice_pack2

Cisco ≫ Prime Infrastructure Version3.2 Updatedevice_pack3

Cisco ≫ Prime Infrastructure Version3.2 Updatedevice_pack4

Cisco ≫ Prime Infrastructure Version3.2.0-fips

Cisco ≫ Prime Infrastructure Version3.2.1

Cisco ≫ Prime Infrastructure Version3.2.2

Cisco ≫ Prime Infrastructure Version3.3 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.3 Updatedevice_pack2

Cisco ≫ Prime Infrastructure Version3.3 Updatedevice_pack3

Cisco ≫ Prime Infrastructure Version3.3 Updatedevice_pack4

Cisco ≫ Prime Infrastructure Version3.3.0 Update-

Cisco ≫ Prime Infrastructure Version3.3.0 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.3.1

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack10

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack11

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack2

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack3

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack4

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack5

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack6

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack7

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack8

Cisco ≫ Prime Infrastructure Version3.4 Updatedevice_pack9

Cisco ≫ Prime Infrastructure Version3.4.0

Cisco ≫ Prime Infrastructure Version3.4.1 Update-

Cisco ≫ Prime Infrastructure Version3.4.1 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.4.1 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.4.2 Update-

Cisco ≫ Prime Infrastructure Version3.4.2 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.5 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.5 Updatedevice_pack2

Cisco ≫ Prime Infrastructure Version3.5 Updatedevice_pack3

Cisco ≫ Prime Infrastructure Version3.5 Updatedevice_pack4

Cisco ≫ Prime Infrastructure Version3.5.0 Update-

Cisco ≫ Prime Infrastructure Version3.5.0 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.5.0 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.5.0 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.5.1 Update-

Cisco ≫ Prime Infrastructure Version3.5.1 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.5.1 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.5.1 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.6 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.6.0 Update-

Cisco ≫ Prime Infrastructure Version3.6.0 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.6.0 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.6.0 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.6.0 Updateupdate04

Cisco ≫ Prime Infrastructure Version3.7 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.7 Updatedevice_pack2

Cisco ≫ Prime Infrastructure Version3.7.0 Update-

Cisco ≫ Prime Infrastructure Version3.7.0 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.7.1 Update-

Cisco ≫ Prime Infrastructure Version3.7.1 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.7.1 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.7.1 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.7.1 Updateupdate04

Cisco ≫ Prime Infrastructure Version3.7.1 Updateupdate05

Cisco ≫ Prime Infrastructure Version3.7.1 Updateupdate06

Cisco ≫ Prime Infrastructure Version3.7.1 Updateupdate07

Cisco ≫ Prime Infrastructure Version3.8 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.8.0 Update-

Cisco ≫ Prime Infrastructure Version3.8.0 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.8.0 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.8.1 Update-

Cisco ≫ Prime Infrastructure Version3.8.1 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.8.1 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.8.1 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.8.1 Updateupdate04

Cisco ≫ Prime Infrastructure Version3.9 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.9.0 Update-

Cisco ≫ Prime Infrastructure Version3.9.0 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.9.1 Update-

Cisco ≫ Prime Infrastructure Version3.9.1 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.9.1 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.9.1 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.9.1 Updateupdate04

Cisco ≫ Prime Infrastructure Version3.10 Update-

Cisco ≫ Prime Infrastructure Version3.10 Updatedevice_pack1

Cisco ≫ Prime Infrastructure Version3.10 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.10.0

Cisco ≫ Prime Infrastructure Version3.10.1

Cisco ≫ Prime Infrastructure Version3.10.2

Cisco ≫ Prime Infrastructure Version3.10.3

Cisco ≫ Prime Infrastructure Version3.10.4 Update-

Cisco ≫ Prime Infrastructure Version3.10.4 Updateupdate01

Cisco ≫ Prime Infrastructure Version3.10.4 Updateupdate02

Cisco ≫ Prime Infrastructure Version3.10.4 Updateupdate03

Cisco ≫ Prime Infrastructure Version3.10.5

Cisco ≫ Prime Infrastructure Version3.10.6 Update-

Cisco ≫ Prime Infrastructure Version3.10.6 Updateupdate01

Cisco ≫ Evolved Programmable Network Manager Version1.1

Cisco ≫ Evolved Programmable Network Manager Version1.2

Cisco ≫ Evolved Programmable Network Manager Version1.2.1.2

Cisco ≫ Evolved Programmable Network Manager Version1.2.2

Cisco ≫ Evolved Programmable Network Manager Version1.2.2.4

Cisco ≫ Evolved Programmable Network Manager Version1.2.3

Cisco ≫ Evolved Programmable Network Manager Version1.2.4

Cisco ≫ Evolved Programmable Network Manager Version1.2.4.2

Cisco ≫ Evolved Programmable Network Manager Version1.2.5

Cisco ≫ Evolved Programmable Network Manager Version1.2.6

Cisco ≫ Evolved Programmable Network Manager Version1.2.7

Cisco ≫ Evolved Programmable Network Manager Version2.0

Cisco ≫ Evolved Programmable Network Manager Version2.0.1

Cisco ≫ Evolved Programmable Network Manager Version2.0.1.1

Cisco ≫ Evolved Programmable Network Manager Version2.0.2

Cisco ≫ Evolved Programmable Network Manager Version2.0.2.1

Cisco ≫ Evolved Programmable Network Manager Version2.0.3

Cisco ≫ Evolved Programmable Network Manager Version2.0.4

Cisco ≫ Evolved Programmable Network Manager Version2.0.4.1

Cisco ≫ Evolved Programmable Network Manager Version2.0.4.2

Cisco ≫ Evolved Programmable Network Manager Version2.1

Cisco ≫ Evolved Programmable Network Manager Version2.1.1

Cisco ≫ Evolved Programmable Network Manager Version2.1.1.1

Cisco ≫ Evolved Programmable Network Manager Version2.1.1.3

Cisco ≫ Evolved Programmable Network Manager Version2.1.1.4

Cisco ≫ Evolved Programmable Network Manager Version2.1.2

Cisco ≫ Evolved Programmable Network Manager Version2.1.2.2

Cisco ≫ Evolved Programmable Network Manager Version2.1.2.3

Cisco ≫ Evolved Programmable Network Manager Version2.1.3

Cisco ≫ Evolved Programmable Network Manager Version2.1.3.2

Cisco ≫ Evolved Programmable Network Manager Version2.1.3.3

Cisco ≫ Evolved Programmable Network Manager Version2.1.3.4

Cisco ≫ Evolved Programmable Network Manager Version2.1.3.5

Cisco ≫ Evolved Programmable Network Manager Version2.1.4

Cisco ≫ Evolved Programmable Network Manager Version2.2

Cisco ≫ Evolved Programmable Network Manager Version2.2.1

Cisco ≫ Evolved Programmable Network Manager Version2.2.1.1

Cisco ≫ Evolved Programmable Network Manager Version2.2.1.2

Cisco ≫ Evolved Programmable Network Manager Version2.2.1.3

Cisco ≫ Evolved Programmable Network Manager Version2.2.1.4

Cisco ≫ Evolved Programmable Network Manager Version2.2.3

Cisco ≫ Evolved Programmable Network Manager Version2.2.4

Cisco ≫ Evolved Programmable Network Manager Version2.2.5

Cisco ≫ Evolved Programmable Network Manager Version3.0

Cisco ≫ Evolved Programmable Network Manager Version3.0.1

Cisco ≫ Evolved Programmable Network Manager Version3.0.2

Cisco ≫ Evolved Programmable Network Manager Version3.0.3

Cisco ≫ Evolved Programmable Network Manager Version3.1

Cisco ≫ Evolved Programmable Network Manager Version3.1.1

Cisco ≫ Evolved Programmable Network Manager Version3.1.2

Cisco ≫ Evolved Programmable Network Manager Version3.1.3

Cisco ≫ Evolved Programmable Network Manager Version4.0

Cisco ≫ Evolved Programmable Network Manager Version4.0.1

Cisco ≫ Evolved Programmable Network Manager Version4.0.2

Cisco ≫ Evolved Programmable Network Manager Version4.0.3

Cisco ≫ Evolved Programmable Network Manager Version4.0.3.1

Cisco ≫ Evolved Programmable Network Manager Version4.1

Cisco ≫ Evolved Programmable Network Manager Version4.1.1

Cisco ≫ Evolved Programmable Network Manager Version4.1.1.1

Cisco ≫ Evolved Programmable Network Manager Version4.1.1.2

Cisco ≫ Evolved Programmable Network Manager Version5.0

Cisco ≫ Evolved Programmable Network Manager Version5.0.1

Cisco ≫ Evolved Programmable Network Manager Version5.0.2

Cisco ≫ Evolved Programmable Network Manager Version5.0.2.1

Cisco ≫ Evolved Programmable Network Manager Version5.0.2.2

Cisco ≫ Evolved Programmable Network Manager Version5.0.2.3

Cisco ≫ Evolved Programmable Network Manager Version5.0.2.4

Cisco ≫ Evolved Programmable Network Manager Version5.0.2.5

Cisco ≫ Evolved Programmable Network Manager Version5.0.2.6

Cisco ≫ Evolved Programmable Network Manager Version5.1

Cisco ≫ Evolved Programmable Network Manager Version5.1.1

Cisco ≫ Evolved Programmable Network Manager Version5.1.2

Cisco ≫ Evolved Programmable Network Manager Version5.1.3

Cisco ≫ Evolved Programmable Network Manager Version5.1.3.1

Cisco ≫ Evolved Programmable Network Manager Version5.1.3.2

Cisco ≫ Evolved Programmable Network Manager Version5.1.4

Cisco ≫ Evolved Programmable Network Manager Version5.1.4.1

Cisco ≫ Evolved Programmable Network Manager Version5.1.4.2

Cisco ≫ Evolved Programmable Network Manager Version5.1.4.3

Cisco ≫ Evolved Programmable Network Manager Version5.1.4.4

Cisco ≫ Evolved Programmable Network Manager Version6.0.0

Cisco ≫ Evolved Programmable Network Manager Version6.0.1

Cisco ≫ Evolved Programmable Network Manager Version6.0.1.1

Cisco ≫ Evolved Programmable Network Manager Version6.0.2

Cisco ≫ Evolved Programmable Network Manager Version6.0.2.1

Cisco ≫ Evolved Programmable Network Manager Version6.0.3

Cisco ≫ Evolved Programmable Network Manager Version6.0.3.1

Cisco ≫ Evolved Programmable Network Manager Version6.1

Cisco ≫ Evolved Programmable Network Manager Version6.1.1

Cisco ≫ Evolved Programmable Network Manager Version6.1.1.1

Cisco ≫ Evolved Programmable Network Manager Version6.1.1.2.2

Cisco ≫ Evolved Programmable Network Manager Version6.1.2

Cisco ≫ Evolved Programmable Network Manager Version6.1.2.1

Cisco ≫ Evolved Programmable Network Manager Version6.1.2.2

Cisco ≫ Evolved Programmable Network Manager Version6.1.2.3

Cisco ≫ Evolved Programmable Network Manager Version7.0.0

Cisco ≫ Evolved Programmable Network Manager Version7.0.1

Cisco ≫ Evolved Programmable Network Manager Version7.0.1.1

Cisco ≫ Evolved Programmable Network Manager Version7.0.1.2

Cisco ≫ Evolved Programmable Network Manager Version7.0.1.3

Cisco ≫ Evolved Programmable Network Manager Version7.1.0

Cisco ≫ Evolved Programmable Network Manager Version7.1.1

Cisco ≫ Evolved Programmable Network Manager Version7.1.2

Cisco ≫ Evolved Programmable Network Manager Version7.1.2.1

Cisco ≫ Evolved Programmable Network Manager Version7.1.3

Cisco ≫ Evolved Programmable Network Manager Version7.1.3.1

Cisco ≫ Evolved Programmable Network Manager Version7.1.4

Cisco ≫ Evolved Programmable Network Manager Version8.0.0

Cisco ≫ Evolved Programmable Network Manager Version8.0.0.1

Cisco ≫ Evolved Programmable Network Manager Version8.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

https://www.heise.de/news/Weitere-kritische-Luecke-in-Ciscos-ISE-10490589.html

Medienbericht

heise Security

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-20272

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20272

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20272

EUVD