Cisco APIC Local Authenticated CLI Info Disclosure
CVE-2025-20118 Published on February 26, 2025
Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.
Vulnerability Analysis
CVE-2025-20118 is exploitable with local system access and requires user privileges. It is considered to have low attack complexity. An exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Products Associated with CVE-2025-20118
Affected Versions
Cisco Application Policy Infrastructure Controller (APIC):
- Version 3.2(8d) is affected.
- Version 3.2(1m) is affected.
- Version 3.2(5e) is affected.
- Version 4.1(2m) is affected.
- Version 3.2(41d) is affected.
- Version 3.2(3s) is affected.
- Version 4.0(3c) is affected.
- Version 4.1(1k) is affected.
- Version 3.2(4d) is affected.
- Version 4.2(2e) is affected.
- Version 4.2(3j) is affected.
- Version 4.2(3n) is affected.
- Version 4.0(1h) is affected.
- Version 4.1(1l) is affected.
- Version 3.2(9f) is affected.
- Version 4.2(3l) is affected.
- Version 4.2(2g) is affected.
- Version 3.2(7k) is affected.
- Version 3.2(9b) is affected.
- Version 3.2(3j) is affected.
- Version 4.1(2u) is affected.
- Version 4.2(1l) is affected.
- Version 4.1(1a) is affected.
- Version 4.0(3d) is affected.
- Version 3.2(4e) is affected.
- Version 4.1(1i) is affected.
- Version 3.2(5f) is affected.
- Version 3.2(1l) is affected.
- Version 4.2(1i) is affected.
- Version 4.1(2o) is affected.
- Version 4.2(1g) is affected.
- Version 4.1(2g) is affected.
- Version 4.2(2f) is affected.
- Version 3.2(6i) is affected.
- Version 3.2(3i) is affected.
- Version 3.2(3n) is affected.
- Version 4.1(2x) is affected.
- Version 3.2(5d) is affected.
- Version 4.2(3q) is affected.
- Version 4.1(1j) is affected.
- Version 4.1(2w) is affected.
- Version 3.2(2o) is affected.
- Version 3.2(3r) is affected.
- Version 4.0(2c) is affected.
- Version 4.1(2s) is affected.
- Version 3.2(7f) is affected.
- Version 3.2(3o) is affected.
- Version 3.2(2l) is affected.
- Version 4.2(1j) is affected.
- Version 4.2(4i) is affected.
- Version 3.2(9h) is affected.
- Version 5.0(1k) is affected.
- Version 4.2(4k) is affected.
- Version 5.0(1l) is affected.
- Version 5.0(2e) is affected.
- Version 4.2(4o) is affected.
- Version 4.2(4p) is affected.
- Version 5.0(2h) is affected.
- Version 4.2(5k) is affected.
- Version 4.2(5l) is affected.
- Version 4.2(5n) is affected.
- Version 5.1(1h) is affected.
- Version 4.2(6d) is affected.
- Version 5.1(2e) is affected.
- Version 4.2(6g) is affected.
- Version 4.2(6h) is affected.
- Version 5.1(3e) is affected.
- Version 3.2(10e) is affected.
- Version 4.2(6l) is affected.
- Version 4.2(7f) is affected.
- Version 5.1(4c) is affected.
- Version 4.2(6o) is affected.
- Version 5.2(1g) is affected.
- Version 5.2(2e) is affected.
- Version 4.2(7l) is affected.
- Version 3.2(10f) is affected.
- Version 5.2(2f) is affected.
- Version 5.2(2g) is affected.
- Version 4.2(7q) is affected.
- Version 5.2(2h) is affected.
- Version 5.2(3f) is affected.
- Version 5.2(3e) is affected.
- Version 5.2(3g) is affected.
- Version 4.2(7r) is affected.
- Version 4.2(7s) is affected.
- Version 5.2(4d) is affected.
- Version 5.2(4e) is affected.
- Version 4.2(7t) is affected.
- Version 5.2(5d) is affected.
- Version 3.2(10g) is affected.
- Version 5.2(5c) is affected.
- Version 6.0(1g) is affected.
- Version 4.2(7u) is affected.
- Version 5.2(5e) is affected.
- Version 5.2(4f) is affected.
- Version 5.2(6e) is affected.
- Version 6.0(1j) is affected.
- Version 5.2(6g) is affected.
- Version 5.2(7f) is affected.
- Version 4.2(7v) is affected.
- Version 5.2(7g) is affected.
- Version 6.0(2h) is affected.
- Version 4.2(7w) is affected.
- Version 5.2(6h) is affected.
- Version 5.2(4h) is affected.
- Version 5.2(8d) is affected.
- Version 6.0(2j) is affected.
- Version 5.2(8e) is affected.
- Version 6.0(3d) is affected.
- Version 6.0(3e) is affected.
- Version 5.2(8f) is affected.
- Version 5.2(8g) is affected.
- Version 5.3(1d) is affected.
- Version 5.2(8h) is affected.
- Version 6.0(4c) is affected.
- Version 5.3(2a) is affected.
- Version 5.2(8i) is affected.
- Version 6.0(5h) is affected.
- Version 5.3(2b) is affected.
- Version 6.0(3g) is affected.
- Version 6.0(5j) is affected.
- Version 5.3(2c) is affected.
- Version 6.0(6c) is affected.
- Version 6.1(1f) is affected.
- Version 6.0(7e) is affected.
- Version 5.3(2d) is affected.
- Version 6.0(8d) is affected.
- Version 5.3(2e) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.