Blind SQLi in Cisco Prime Infra REST API
CVE-2025-20272 Published on July 16, 2025
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Blind SQL Injection Vulnerability
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.
Vulnerability Analysis
CVE-2025-20272 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2025-20272 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2025-20272
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-20272 are published in these products:
Affected Versions
Cisco Evolved Programmable Network Manager (EPNM):- Version 3.0.1 is affected.
- Version 3.1.2 is affected.
- Version 1.2 is affected.
- Version 3.1.1 is affected.
- Version 3.1.3 is affected.
- Version 3.1 is affected.
- Version 3.0.3 is affected.
- Version 3.0.2 is affected.
- Version 3.0 is affected.
- Version 2.2 is affected.
- Version 1.1 is affected.
- Version 2.1 is affected.
- Version 2.0 is affected.
- Version 4.1 is affected.
- Version 4.1.1 is affected.
- Version 4.0.3 is affected.
- Version 4.0.1 is affected.
- Version 4.0.2 is affected.
- Version 4.0 is affected.
- Version 5.0 is affected.
- Version 5.0.1 is affected.
- Version 5.1.1 is affected.
- Version 5.1 is affected.
- Version 5.0.2 is affected.
- Version 5.1.2 is affected.
- Version 5.1.3 is affected.
- Version 5.1.4 is affected.
- Version 6.1.1 is affected.
- Version 6.1 is affected.
- Version 6.0.0 is affected.
- Version 6.0.1 is affected.
- Version 6.0.2 is affected.
- Version 7.0.0 is affected.
- Version 1.2.5 is affected.
- Version 1.2.6 is affected.
- Version 2.0.1 is affected.
- Version 1.2.2 is affected.
- Version 1.2.3 is affected.
- Version 1.2.4 is affected.
- Version 1.2.7 is affected.
- Version 1.2.1.2 is affected.
- Version 2.2.1 is affected.
- Version 2.1.3 is affected.
- Version 2.0.2 is affected.
- Version 2.0.3 is affected.
- Version 2.1.2 is affected.
- Version 2.0.4 is affected.
- Version 2.1.1 is affected.
- Version 5.0.2.5 is affected.
- Version 5.1.4.3 is affected.
- Version 6.0.2.1 is affected.
- Version 6.1.1.1 is affected.
- Version 5.0.2.1 is affected.
- Version 5.0.2.2 is affected.
- Version 5.0.2.3 is affected.
- Version 5.0.2.4 is affected.
- Version 5.1.4.1 is affected.
- Version 5.1.4.2 is affected.
- Version 2.1.4 is affected.
- Version 2.2.4 is affected.
- Version 2.2.3 is affected.
- Version 2.2.5 is affected.
- Version 5.1.3.2 is affected.
- Version 5.1.3.1 is affected.
- Version 6.0.1.1 is affected.
- Version 4.1.1.2 is affected.
- Version 4.1.1.1 is affected.
- Version 4.0.3.1 is affected.
- Version 2.0.1.1 is affected.
- Version 2.1.1.3 is affected.
- Version 2.1.1.1 is affected.
- Version 2.1.1.4 is affected.
- Version 2.0.4.2 is affected.
- Version 2.0.4.1 is affected.
- Version 2.1.2.2 is affected.
- Version 2.1.2.3 is affected.
- Version 2.0.2.1 is affected.
- Version 2.1.3.4 is affected.
- Version 2.1.3.3 is affected.
- Version 2.1.3.2 is affected.
- Version 2.1.3.5 is affected.
- Version 2.2.1.2 is affected.
- Version 2.2.1.1 is affected.
- Version 2.2.1.4 is affected.
- Version 2.2.1.3 is affected.
- Version 1.2.4.2 is affected.
- Version 1.2.2.4 is affected.
- Version 6.0.3 is affected.
- Version 5.1.4.4 is affected.
- Version 5.0.2.6 is affected.
- Version 6.0.3.1 is affected.
- Version 6.1.2 is affected.
- Version 6.1.1.2.2 is affected.
- Version 6.1.2.1 is affected.
- Version 6.1.2.2 is affected.
- Version 7.1.1 is affected.
- Version 7.1.2.1 is affected.
- Version 7.0.1.3 is affected.
- Version 7.1.3 is affected.
- Version 7.1.2 is affected.
- Version 7.0.1.2 is affected.
- Version 7.0.1.1 is affected.
- Version 7.0.1 is affected.
- Version 7.1.0 is affected.
- Version 8.0.0 is affected.
- Version 6.1.2.3 is affected.
- Version 8.0.0.1 is affected.
- Version 7.1.3.1 is affected.
- Version 7.1.4 is affected.
- Version 8.1.0 is affected.
- Version 3.0.0 is affected.
- Version 3.1.0 is affected.
- Version 3.1.5 is affected.
- Version 2.1 is affected.
- Version 2.0.0 is affected.
- Version 3.6.0 is affected.
- Version 3.7.0 is affected.
- Version 3.4.0 is affected.
- Version 3.3.0 is affected.
- Version 3.2 is affected.
- Version 3.5.0 is affected.
- Version 3.2.0-FIPS is affected.
- Version 2.2 is affected.
- Version 3.8.0-FED is affected.
- Version 3.9.0 is affected.
- Version 3.8.0 is affected.
- Version 3.10.0 is affected.
- Version 3.1.1 is affected.
- Version 2.1.2 is affected.
- Version 2.2.1 is affected.
- Version 2.2.0 is affected.
- Version 3.0.2 is affected.
- Version 3.0.3 is affected.
- Version 3.0.1 is affected.
- Version 2.2.2 is affected.
- Version 2.2.3 is affected.
- Version 2.1.0 is affected.
- Version 2.1.1 is affected.
- Version 3.9.1 is affected.
- Version 2.0.10 is affected.
- Version 3.8.1 is affected.
- Version 3.7.1 is affected.
- Version 3.5.1 is affected.
- Version 3.4.2 is affected.
- Version 3.3.1 is affected.
- Version 3.1.7 is affected.
- Version 3.2.1 is affected.
- Version 3.2.2 is affected.
- Version 3.1.6 is affected.
- Version 3.1.2 is affected.
- Version 3.4.1 is affected.
- Version 3.1.3 is affected.
- Version 3.1.4 is affected.
- Version 3.0.6 is affected.
- Version 2.2.10 is affected.
- Version 3.0.4 is affected.
- Version 3.0.5 is affected.
- Version 2.1.56 is affected.
- Version 2.2.4 is affected.
- Version 2.2.9 is affected.
- Version 2.2.8 is affected.
- Version 2.2.5 is affected.
- Version 2.2.7 is affected.
- Version 2.0.39 is affected.
- Version 3.8_DP1 is affected.
- Version 3.9_DP1 is affected.
- Version 3.7_DP2 is affected.
- Version 3.6_DP1 is affected.
- Version 3.5_DP4 is affected.
- Version 3.5_DP2 is affected.
- Version 3.4_DP10 is affected.
- Version 3.7_DP1 is affected.
- Version 3.5_DP3 is affected.
- Version 3.4_DP11 is affected.
- Version 3.5_DP1 is affected.
- Version 3.4_DP8 is affected.
- Version 3.4_DP1 is affected.
- Version 3.4_DP3 is affected.
- Version 3.4_DP5 is affected.
- Version 3.4_DP2 is affected.
- Version 3.4_DP7 is affected.
- Version 3.4_DP6 is affected.
- Version 3.3_DP4 is affected.
- Version 3.4_DP4 is affected.
- Version 3.4_DP9 is affected.
- Version 3.1_DP16 is affected.
- Version 3.3_DP2 is affected.
- Version 3.3_DP3 is affected.
- Version 3.1_DP15 is affected.
- Version 3.3_DP1 is affected.
- Version 3.1_DP13 is affected.
- Version 3.2_DP2 is affected.
- Version 3.2_DP1 is affected.
- Version 3.2_DP3 is affected.
- Version 3.1_DP14 is affected.
- Version 3.2_DP4 is affected.
- Version 3.1_DP7 is affected.
- Version 3.1_DP10 is affected.
- Version 3.1_DP11 is affected.
- Version 3.1_DP4 is affected.
- Version 3.1_DP6 is affected.
- Version 3.1_DP12 is affected.
- Version 3.1_DP5 is affected.
- Version 3.0.7 is affected.
- Version 3.1_DP9 is affected.
- Version 3.1_DP8 is affected.
- Version 3.10_DP1 is affected.
- Version 3.10.2 is affected.
- Version 3.10.3 is affected.
- Version 3.10 is affected.
- Version 3.10.1 is affected.
- Version 3.7.1 Update 03 is affected.
- Version 3.7.1 Update 04 is affected.
- Version 3.7.1 Update 06 is affected.
- Version 3.7.1 Update 07 is affected.
- Version 3.8.1 Update 01 is affected.
- Version 3.8.1 Update 02 is affected.
- Version 3.8.1 Update 03 is affected.
- Version 3.8.1 Update 04 is affected.
- Version 3.9.1 Update 01 is affected.
- Version 3.9.1 Update 02 is affected.
- Version 3.9.1 Update 03 is affected.
- Version 3.9.1 Update 04 is affected.
- Version 3.10 Update 01 is affected.
- Version 3.4.2 Update 01 is affected.
- Version 3.6.0 Update 04 is affected.
- Version 3.6.0 Update 02 is affected.
- Version 3.6.0 Update 03 is affected.
- Version 3.6.0 Update 01 is affected.
- Version 3.5.1 Update 03 is affected.
- Version 3.5.1 Update 01 is affected.
- Version 3.5.1 Update 02 is affected.
- Version 3.7.0 Update 03 is affected.
- Version 2.2.3 Update 05 is affected.
- Version 2.2.3 Update 04 is affected.
- Version 2.2.3 Update 06 is affected.
- Version 2.2.3 Update 03 is affected.
- Version 2.2.3 Update 02 is affected.
- Version 2.2.1 Update 01 is affected.
- Version 2.2.2 Update 03 is affected.
- Version 2.2.2 Update 04 is affected.
- Version 3.8.0 Update 01 is affected.
- Version 3.8.0 Update 02 is affected.
- Version 3.7.1 Update 01 is affected.
- Version 3.7.1 Update 02 is affected.
- Version 3.7.1 Update 05 is affected.
- Version 3.9.0 Update 01 is affected.
- Version 3.3.0 Update 01 is affected.
- Version 3.4.1 Update 02 is affected.
- Version 3.4.1 Update 01 is affected.
- Version 3.5.0 Update 03 is affected.
- Version 3.5.0 Update 01 is affected.
- Version 3.5.0 Update 02 is affected.
- Version 3.10.4 is affected.
- Version 3.10.4 Update 01 is affected.
- Version 3.10.4 Update 02 is affected.
- Version 3.10.4 Update 03 is affected.
- Version 3.10.5 is affected.
- Version 3.10.6 is affected.
- Version 3.10.6 Update 01 is affected.
Exploit Probability
EPSS
0.04%
Percentile
13.10%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.