SSH Host Key Validation Flaw in Cisco NDFC Enables MITM (CVE-2025-20163)
CVE-2025-20163 Published on June 4, 2025
Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.
This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.
Vulnerability Analysis
CVE-2025-20163 can be exploited with network access and requires neither privileges nor user interaction. The attack complexity is considered high, because the attacker must first be positioned on the network path between NDFC and a managed device. A successful exploit is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Key Exchange without Entity Authentication (CWE-322)
The software performs a key exchange with an actor without verifying the identity of that actor. Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable an attacker to impersonate an actor by modifying traffic between the two entities. Typically, this involves a victim client that contacts a malicious server that is impersonating a trusted server. If the client skips authentication or ignores an authentication failure, the malicious server may request authentication information from the user. The malicious server can then use this authentication information to log in to the trusted server using the victim's credentials, sniff traffic between the victim and trusted server, etc.
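The flaw described above and the CWE-322 pattern come down to one decision: whether the SSH client completes key exchange with whoever answered, or only with a peer whose host key it has pinned. The following is an added example, not Cisco's code and not taken from the advisory; it implements an OpenSSH-style known_hosts check in plain Python (standard library only) and sets the vulnerable "accept any key" policy beside the pinned one. Every hostname, salt and key below is constructed for the example, the ed25519 blobs are synthetic and not real keys, and the function names are the example's own.

```python
"""Added example (not Cisco's code): an OpenSSH-style known_hosts check that
shows the difference between accepting any presented host key (the CWE-322
pattern behind an SSH impersonation) and pinning keys per managed device.
Uses only the Python standard library; all hosts, salts and keys are constructed."""
import base64
import hashlib
import hmac
from enum import Enum


class HostKeyResult(Enum):
    OK = "ok"              # host pinned and presented key matches
    UNKNOWN = "unknown"    # host not in known_hosts (first contact)
    MISMATCH = "mismatch"  # host pinned under a different key: possible MITM


def ed25519_blob(raw32: bytes) -> str:
    """Base64 SSH wire encoding of an ssh-ed25519 public key (RFC 8709)."""
    body = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + raw32
    return base64.b64encode(body).decode()


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host_entry(host: str, salt: bytes) -> str:
    """Host field in the |1|salt|hash form written by HashKnownHosts yes."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(pattern: str, host: str) -> bool:
    """Match one known_hosts host field against a hostname (plain list or hashed)."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in pattern.split(",")


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> HostKeyResult:
    """Compare the key a peer presented with the entries pinned for that host.
    A key algorithm that was never pinned for the host is reported as UNKNOWN,
    not MISMATCH; the strict policy below still refuses it because it is not OK."""
    pinned_for_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        hosts, ktype, kdata = fields[:3]
        if ktype != key_type or not host_matches(hosts, host):
            continue
        pinned_for_host = True
        if hmac.compare_digest(kdata.encode(), key_b64.encode()):
            return HostKeyResult.OK
    return HostKeyResult.MISMATCH if pinned_for_host else HostKeyResult.UNKNOWN


def accept_any_host_key(known_hosts, host, key_type, key_b64) -> bool:
    """Vulnerable policy: key exchange completes against whoever answered, so
    credentials sent afterwards go to the impersonator. Equivalent to
    StrictHostKeyChecking=no or paramiko's AutoAddPolicy."""
    return True


def accept_pinned_host_key(known_hosts, host, key_type, key_b64) -> bool:
    """Hardened policy: proceed (and so send credentials) only on a pinned match."""
    return check_host_key(known_hosts, host, key_type, key_b64) is HostKeyResult.OK


# Constructed sample data: two managed switches, one pinned in the clear and
# one in hashed form, plus the key an impersonating host would present.
LEAF1_KEY = ed25519_blob(bytes(range(32)))
LEAF2_KEY = ed25519_blob(bytes(range(32, 64)))
ATTACKER_KEY = ed25519_blob(bytes([0xAB] * 32))
SALT = bytes(range(100, 120))   # fixed 20-byte salt so the file is reproducible
KNOWN_HOSTS = "\n".join([
    "# pinned host keys for NDFC-managed fabric devices (constructed)",
    "leaf1.example.net,10.0.0.11 ssh-ed25519 " + LEAF1_KEY,
    hashed_host_entry("leaf2.example.net", SALT) + " ssh-ed25519 " + LEAF2_KEY,
])

if __name__ == "__main__":
    for host, key in [("leaf1.example.net", LEAF1_KEY),
                      ("leaf1.example.net", ATTACKER_KEY),
                      ("leaf2.example.net", LEAF2_KEY),
                      ("leaf3.example.net", LEAF1_KEY)]:
        result = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print(host, fingerprint(key), result.value,
              "any-key:", accept_any_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key),
              "pinned:", accept_pinned_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The second run in the loop is the MITM case: leaf1 is pinned, a different key arrives, and only the pinned policy refuses to continue. The UNKNOWN result is the trust-on-first-use gap that a controller managing many devices should close by pre-seeding known_hosts from an out-of-band inventory rather than by auto-accepting; the fingerprint helper is there so that an operator can compare what was presented with what the device itself reports.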
Products Associated with CVE-2025-20163
Affected Versions
Cisco Data Center Network Manager:
- Version 11.2(1) is affected.
- Version 7.0(2) is affected.
- Version 10.3(2)IPFM is affected.
- Version 10.1(1) is affected.
- Version 7.2(3) is affected.
- Version 7.2(2) is affected.
- Version 7.2(1) is affected.
- Version 11.0(1) is affected.
- Version 10.4(1) is affected.
- Version 10.2(1) is affected.
- Version 7.2(2a) is affected.
- Version 10.1(2) is affected.
- Version 7.1(1) is affected.
- Version 12.1(1) is affected.
- Version 11.1(1) is affected.
- Version 10.3(1) is affected.
- Version 10.3(1)R(1) is affected.
- Version 7.0(1) is affected.
- Version 10.0(1) is affected.
- Version 7.1(2) is affected.
- Version 11.4(1) is affected.
- Version 10.4(2) is affected.
- Version 11.3(1) is affected.
- Version 11.5(1) is affected.
- Version 11.5(2) is affected.
- Version 11.5(3) is affected.
- Version 12.0.1a is affected.
- Version 11.5(3a) is affected.
- Version 12.0.2d is affected.
- Version 12.0.2f is affected.
- Version 11.5(4) is affected.
- Version 12.1.1 is affected.
- Version 12.1.1e is affected.
- Version 12.1.1p is affected.
- Version 12.1.2e is affected.
- Version 12.1.2p is affected.
- Version 12.1.3b is affected.
- Version 12.2.1 is affected.
- Version 12.2.2 is affected.
- Version 3.1(1k) is affected.
- Version 3.1(1l) is affected.
- Version 3.2(1e) is affected.
- Version 3.2(1i) is affected.
- Version 3.3(1a) is affected.
- Version 3.3(1b) is affected.
- Version 3.3(2b) is affected.
- Version 4.0(1i) is affected.
- Version 3.3(2g) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.