Skip to main content

Cisco Prime Infrastructure CVE-2025-20272

MEDIUM
SQL Injection (CWE-89)
2025-07-16 psirt@cisco.com
4.3
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
4.3 MEDIUM

Network-reachable REST API requires low-privilege auth; blind read-only SQLi yields limited confidentiality impact with no integrity or availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cisco).

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 29, 2026 - 17:31 vuln.today
CVE Published
Jul 16, 2025 - 17:15 cve.org
MEDIUM 4.3

DescriptionCVE.org

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.

AnalysisAI

Blind SQL injection in Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) REST APIs permits authenticated low-privileged remote attackers to extract data from database tables on the affected device. The vulnerability stems from insufficient validation of user-supplied input passed to the affected API endpoints, enabling an attacker to infer database contents through crafted boolean-based or time-based blind injection requests. No public exploit code has been identified and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis.

Technical ContextAI

Cisco Prime Infrastructure and EPNM are enterprise-grade network management and orchestration platforms commonly deployed in large enterprise and service-provider environments. The affected attack surface is a subset of the platforms' REST APIs, which fail to adequately sanitize user-controlled input before incorporating it into SQL queries - the classic root cause described by CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). Because the injection is blind, the attacker cannot read query results directly; instead, database content must be inferred through boolean or time-delay side-channels. Affected products per CPE include Cisco Prime Infrastructure broadly (with 3.10.6 base and 3.10.6:security_update_01 explicitly enumerated as vulnerable) and Cisco EPNM broadly (with 8.1.0 explicitly enumerated). The CVSS vector (AV:N/AC:L/PR:L) confirms the APIs are reachable over the network and require only a low-privilege account.

RemediationAI

The primary remediation is to apply the vendor-released patch per Cisco Security Advisory cisco-sa-piepnm-bsi-25JJqsbb, available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb. Specific fixed versions are not confirmed in the data available for this analysis and must be verified directly from the advisory before patching. Notably, Cisco Prime Infrastructure 3.10.6 Security Update 01 does NOT remediate this vulnerability, as it remains listed as an affected version in CPE data; administrators who have applied that update must still apply the subsequent fix. As a compensating control where patching is not immediately possible, restrict access to the Prime Infrastructure and EPNM REST APIs to trusted administrative network segments using perimeter firewall rules or ACLs - this raises the effective privilege bar for exploitation by preventing untrusted low-privilege users from reaching the API layer. Additionally, audit low-privilege user accounts on both platforms and remove any unnecessary accounts to reduce the attacker pool. These controls do not eliminate the vulnerability but meaningfully reduce exploitability.

CVE-2019-1821 CRITICAL POC
9.8 May 16

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable

CVE-2018-15379 CRITICAL POC
9.8 Oct 05

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions

CVE-2016-1289 CRITICAL
9.8 Jul 02

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote

CVE-2016-1291 CRITICAL
9.8 Apr 06

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote a

CVE-2019-15958 CRITICAL
9.8 Nov 26

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM)

CVE-2018-0258 CRITICAL
9.8 May 02

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker t

CVE-2016-6443 HIGH
8.8 Oct 27

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could

CVE-2014-0679 CRITICAL
9.0 Feb 27

Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows rem

CVE-2016-1442 HIGH
8.8 Jul 07

The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to ex

CVE-2016-1359 HIGH
8.8 Mar 03

Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request th

CVE-2016-1408 HIGH
8.8 Jul 02

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote auth

CVE-2016-1406 HIGH
8.8 May 25

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2

Share

CVE-2025-20272 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy