Cisco APIC Race Allowing Local Authenticated File Overwrite (DoS)
CVE-2025-20119 Published on February 26, 2025
Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to a race condition in the handling of system files. An attacker could exploit this vulnerability by performing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could leave the device in an inconsistent state and cause a DoS condition.
Vulnerability Analysis
CVE-2025-20119 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and a high impact on integrity and availability.
Weakness Type
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2025-20119 has been classified as a Race Condition vulnerability or weakness.
Products Associated with CVE-2025-20119
Affected Versions
Cisco Application Policy Infrastructure Controller (APIC):
- Version 3.2(8d) is affected.
- Version 3.2(1m) is affected.
- Version 3.2(5e) is affected.
- Version 4.1(2m) is affected.
- Version 3.2(41d) is affected.
- Version 3.2(3s) is affected.
- Version 4.0(3c) is affected.
- Version 4.1(1k) is affected.
- Version 3.2(4d) is affected.
- Version 4.2(2e) is affected.
- Version 4.2(3j) is affected.
- Version 4.2(3n) is affected.
- Version 4.0(1h) is affected.
- Version 4.1(1l) is affected.
- Version 3.2(9f) is affected.
- Version 4.2(3l) is affected.
- Version 4.2(2g) is affected.
- Version 3.2(7k) is affected.
- Version 3.2(9b) is affected.
- Version 3.2(3j) is affected.
- Version 4.1(2u) is affected.
- Version 4.2(1l) is affected.
- Version 4.1(1a) is affected.
- Version 4.0(3d) is affected.
- Version 3.2(4e) is affected.
- Version 4.1(1i) is affected.
- Version 3.2(5f) is affected.
- Version 3.2(1l) is affected.
- Version 4.2(1i) is affected.
- Version 4.1(2o) is affected.
- Version 4.2(1g) is affected.
- Version 4.1(2g) is affected.
- Version 4.2(2f) is affected.
- Version 3.2(6i) is affected.
- Version 3.2(3i) is affected.
- Version 3.2(3n) is affected.
- Version 4.1(2x) is affected.
- Version 3.2(5d) is affected.
- Version 4.2(3q) is affected.
- Version 4.1(1j) is affected.
- Version 4.1(2w) is affected.
- Version 3.2(2o) is affected.
- Version 3.2(3r) is affected.
- Version 4.0(2c) is affected.
- Version 4.1(2s) is affected.
- Version 3.2(7f) is affected.
- Version 3.2(3o) is affected.
- Version 3.2(2l) is affected.
- Version 4.2(1j) is affected.
- Version 4.2(4i) is affected.
- Version 3.2(9h) is affected.
- Version 5.0(1k) is affected.
- Version 4.2(4k) is affected.
- Version 5.0(1l) is affected.
- Version 5.0(2e) is affected.
- Version 4.2(4o) is affected.
- Version 4.2(4p) is affected.
- Version 5.0(2h) is affected.
- Version 4.2(5k) is affected.
- Version 4.2(5l) is affected.
- Version 4.2(5n) is affected.
- Version 5.1(1h) is affected.
- Version 4.2(6d) is affected.
- Version 5.1(2e) is affected.
- Version 4.2(6g) is affected.
- Version 4.2(6h) is affected.
- Version 5.1(3e) is affected.
- Version 3.2(10e) is affected.
- Version 4.2(6l) is affected.
- Version 4.2(7f) is affected.
- Version 5.1(4c) is affected.
- Version 4.2(6o) is affected.
- Version 5.2(1g) is affected.
- Version 5.2(2e) is affected.
- Version 4.2(7l) is affected.
- Version 3.2(10f) is affected.
- Version 5.2(2f) is affected.
- Version 5.2(2g) is affected.
- Version 4.2(7q) is affected.
- Version 5.2(2h) is affected.
- Version 5.2(3f) is affected.
- Version 5.2(3e) is affected.
- Version 5.2(3g) is affected.
- Version 4.2(7r) is affected.
- Version 4.2(7s) is affected.
- Version 5.2(4d) is affected.
- Version 5.2(4e) is affected.
- Version 4.2(7t) is affected.
- Version 5.2(5d) is affected.
- Version 3.2(10g) is affected.
- Version 5.2(5c) is affected.
- Version 6.0(1g) is affected.
- Version 4.2(7u) is affected.
- Version 5.2(5e) is affected.
- Version 5.2(4f) is affected.
- Version 5.2(6e) is affected.
- Version 6.0(1j) is affected.
- Version 5.2(6g) is affected.
- Version 5.2(7f) is affected.
- Version 4.2(7v) is affected.
- Version 5.2(7g) is affected.
- Version 6.0(2h) is affected.
- Version 4.2(7w) is affected.
- Version 5.2(6h) is affected.
- Version 5.2(4h) is affected.
- Version 5.2(8d) is affected.
- Version 6.0(2j) is affected.
- Version 5.2(8e) is affected.
- Version 6.0(3d) is affected.
- Version 6.0(3e) is affected.
- Version 5.2(8f) is affected.
- Version 5.2(8g) is affected.
- Version 5.3(1d) is affected.
- Version 5.2(8h) is affected.
- Version 6.0(4c) is affected.
- Version 5.3(2a) is affected.
- Version 5.2(8i) is affected.
- Version 6.0(5h) is affected.
- Version 5.3(2b) is affected.
- Version 6.0(3g) is affected.
- Version 6.0(5j) is affected.
- Version 5.3(2c) is affected.
- Version 6.0(6c) is affected.
- Version 6.1(1f) is affected.
- Version 6.0(7e) is affected.
- Version 5.3(2d) is affected.
- Version 6.0(8d) is affected.
- Version 5.3(2e) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.