CISCO-CVE-2025-20292

MEDIUM4.4

Cisco NXOS Software Command Injection Vulnerability

Published Aug 27, 2025

Modified 6 months ago

Affected Packages

Cisco NX-OS

CiscoNXOS MDS9000MultilayerDirectorsandFabricSwitches

Affected versions:

8.1(1)8.1(1a)8.1(1b)8.2(1)8.2(2)8.3(1)8.3(2)8.4(1)8.4(1a)8.4(2)+19 more

Cisco NX-OS

CiscoNXOS Nexus3000

Affected versions:

10.1(1)10.1(2)10.1(2t)10.2(1)10.2(2)10.2(3)10.2(3t)10.2(3v)10.2(4)10.2(5)+99 more

Cisco NX-OS

CiscoNXOS Nexus5000CiscoNXOS Nexus6000

Affected versions:

7.3(0)N1(1)7.3(0)N1(1a)7.3(0)N1(1b)7.3(1)N1(1)7.3(10)N1(1)7.3(11)N1(1)7.3(11)N1(1a)7.3(12)N1(1)7.3(13)N1(1)7.3(14)N1(1)+17 more

Cisco NX-OS

CiscoNXOS Nexus7000

Affected versions:

7.3(0)D1(1)7.3(0)DX(1)7.3(1)D1(1)7.3(2)D1(1)7.3(2)D1(1d)7.3(2)D1(2)7.3(2)D1(3)7.3(2)D1(3a)7.3(3)D1(1)7.3(4)D1(1)+34 more

Cisco NX-OS

CiscoNXOS Nexus9000

Affected versions:

10.1(1)10.1(2)10.2(1)10.2(1q)10.2(2)10.2(2a)10.2(3)10.2(4)10.2(5)10.2(6)+91 more

CVSS Analysis

CVSS v3.1

4.4

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

NoneA:N

4.4/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Upstream

CVE-2025-20292

CISCO-SA-NXOS-CMDINJ-QHNZE5SS

Ecosystems(6)

CiscoNXOS MDS9000MultilayerDirectorsandFabricSwitches CiscoNXOS Nexus3000 CiscoNXOS Nexus5000 CiscoNXOS Nexus6000 CiscoNXOS Nexus7000

Timeline

PublishedAug 27, 2025

ModifiedAug 27, 2025