Cisco Catalyst Center Auth Remote Command Injection via REST API
CVE-2025-20349 Published on November 13, 2025

Cisco DNA Center API Command Injection Vulnerability
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.

NVD

Vulnerability Analysis

CVE-2025-20349 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2025-20349 has been classified to as a Shell injection vulnerability or weakness.

Products Associated with CVE-2025-20349

stack.watch emails you whenever new vulnerabilities are published in Cisco Dna Center or Cisco Catalyst Center. Just hit a watch button to start following.

Cisco Dna Center

Cisco Catalyst Center

Affected Versions

Cisco Digital Network Architecture Center (DNA Center):

Version 1.4.0.0 is affected.
Version 2.1.1.0 is affected.
Version 2.1.1.3 is affected.
Version 2.1.2.0 is affected.
Version 2.1.2.3 is affected.
Version 2.1.2.4 is affected.
Version 2.1.2.5 is affected.
Version 2.2.1.0 is affected.
Version 2.1.2.6 is affected.
Version 2.2.2.0 is affected.
Version 2.2.2.1 is affected.
Version 2.2.2.3 is affected.
Version 2.1.2.7 is affected.
Version 2.2.1.3 is affected.
Version 2.2.3.0 is affected.
Version 2.2.2.4 is affected.
Version 2.2.2.5 is affected.
Version 2.2.3.3 is affected.
Version 2.2.2.7 is affected.
Version 2.2.2.6 is affected.
Version 2.2.2.8 is affected.
Version 2.2.3.4 is affected.
Version 2.1.2.8 is affected.
Version 2.3.2.1 is affected.
Version 2.3.2.1-AIRGAP is affected.
Version 2.3.2.1-AIRGAP-CA is affected.
Version 2.2.3.5 is affected.
Version 2.3.3.0 is affected.
Version 2.3.3.3 is affected.
Version 2.3.3.1-AIRGAP is affected.
Version 2.3.3.1 is affected.
Version 2.3.2.3 is affected.
Version 2.3.3.3-AIRGAP is affected.
Version 2.2.3.6 is affected.
Version 2.2.2.9 is affected.
Version 2.3.3.0-AIRGAP is affected.
Version 2.3.3.3-AIRGAP-CA is affected.
Version 2.3.3.4 is affected.
Version 2.3.3.4-AIRGAP is affected.
Version 2.3.3.4-AIRGAP-MDNAC is affected.
Version 2.3.3.4-HF1 is affected.
Version 2.3.4.0 is affected.
Version 2.3.3.5 is affected.
Version 2.3.3.5-AIRGAP is affected.
Version 2.3.4.0-AIRGAP is affected.
Version 2.3.4.3 is affected.
Version 2.3.4.3-AIRGAP is affected.
Version 2.3.3.6 is affected.
Version 2.3.5.0 is affected.
Version 2.3.3.6-AIRGAP is affected.
Version 2.3.5.0-AIRGAP is affected.
Version 2.3.3.6-AIRGAP-MDNAC is affected.
Version 2.3.5.0-AIRGAP-MDNAC is affected.
Version 2.3.3.7 is affected.
Version 2.3.3.7-AIRGAP is affected.
Version 2.3.3.7-AIRGAP-MDNAC is affected.
Version 2.3.6.0 is affected.
Version 2.3.3.6-70045-HF1 is affected.
Version 2.3.3.7-72328-AIRGAP is affected.
Version 2.3.3.7-72323 is affected.
Version 2.3.3.7-72328-MDNAC is affected.
Version 2.3.5.3 is affected.
Version 2.3.5.3-AIRGAP-MDNAC is affected.
Version 2.3.5.3-AIRGAP is affected.
Version 2.3.6.0-AIRGAP is affected.
Version 2.3.7.0 is affected.
Version 2.3.7.0-AIRGAP is affected.
Version 2.3.7.0-AIRGAP-MDNAC is affected.
Version 2.3.7.0-VA is affected.
Version 2.3.5.4 is affected.
Version 2.3.5.4-AIRGAP is affected.
Version 2.3.5.4-AIRGAP-MDNAC is affected.
Version 2.3.7.3 is affected.
Version 2.3.7.3-AIRGAP is affected.
Version 2.3.7.3-AIRGAP-MDNAC is affected.
Version 2.3.5.5-AIRGAP is affected.
Version 2.3.5.5 is affected.
Version 2.3.5.5-AIRGAP-MDNAC is affected.
Version 2.3.7.4 is affected.
Version 2.3.7.4-AIRGAP is affected.
Version 2.3.7.4-AIRGAP-MDNAC is affected.
Version 2.3.7.5-AIRGAP is affected.
Version 2.3.7.5-VA is affected.
Version 2.3.5.6-AIRGAP is affected.
Version 2.3.5.6 is affected.
Version 2.3.5.6-AIRGAP-MDNAC is affected.
Version 1.0.0.0 is affected.
Version 2.3.7.6-AIRGAP is affected.
Version 2.3.7.6 is affected.
Version 2.3.7.6-VA is affected.
Version 2.3.5.5-70026-HF70 is affected.
Version 2.3.5.5-70026-HF51 is affected.
Version 2.3.5.6-70143-HF20 is affected.
Version 2.3.7.6-AIRGAP-MDNAC is affected.
Version 2.3.5.5-70026-HF52 is affected.
Version 2.3.5.5-70026-HF53 is affected.
Version 2.3.5.5-70026-HF71 is affected.
Version 2.3.7.7 is affected.
Version 2.3.7.7-VA is affected.
Version 2.3.7.7-AIRGAP is affected.
Version 2.3.7.7-AIRGAP-MDNAC is affected.
Version 2.3.5.5-70026-HF72 is affected.
Version 2.3.7.9-VA is affected.
Version 2.3.7.9 is affected.
Version 2.3.7.9-AIRGAP is affected.
Version 2.3.7.9-AIRGAP-MDNAC is affected.
Version 2.3.7.9-70301-SMU1 is affected.
Version 2.3.5.3-EULA is affected.
Version 0.0.0.0 is affected.

Exploit Probability

EPSS

0.35%

Percentile

57.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.