CVE-2025-20117

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.

CVSS v3 5.1 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(1l\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(1m\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(2l\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(2o\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(3i\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(3j\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(3n\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(3o\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(3r\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(3s\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(4d\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(4e\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(5d\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(5e\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(5f\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(6i\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(7f\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(7k\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(8d\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(9b\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(9f\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(9h\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(10e\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(10f\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(10g\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\(41d\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\(1h\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\(2c\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\(3c\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\(3d\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(1a\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(1i\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(1j\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(1k\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(1l\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(2g\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(2m\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(2o\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(2s\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(2u\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(2w\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\(2x\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(1g\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(1i\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(1j\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(1l\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(2e\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(2f\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(2g\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(3j\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(3l\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(3n\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(3q\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(4i\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(4k\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(4o\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(4p\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(5k\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(5l\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(5n\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(6d\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(6g\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(6h\):::::::*
	cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(6l\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(6o\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7f\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7l\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7q\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7r\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7s\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7t\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7u\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7v\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\(7w\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\(1k\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\(1l\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\(2e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\(2h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\(1h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\(2e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\(3e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\(4c\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(1g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(2e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(2f\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(2g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(2h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(3e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(3f\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(3g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(4d\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(4e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(4f\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(4h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(5c\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(5d\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(5e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(6e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(6g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(6h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(7f\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(7g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(8d\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(8e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(8f\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(8g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(8h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\(8i\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\(1d\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\(2a\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\(2b\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\(2c\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\(2d\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\(2e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(1g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(1j\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(2h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(2j\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(3d\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(3e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(3g\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(4c\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(5h\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(5j\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(6c\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(7e\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\(8d\):::::::*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.1\(1f\):::::::*

History

No history.

Information

Published : 2025-02-26 17:15

Updated : 2025-07-31 17:37

NVD link : CVE-2025-20117

Mitre link : CVE-2025-20117

CVE.ORG link : CVE-2025-20117

JSON object : View

Products Affected

cisco

application_policy_infrastructure_controller

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

5.1 /10