Vulnerability Details CVE-2025-20117
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.8%
CVSS Severity
CVSS v3 Score 5.1
Products affected by CVE-2025-20117
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(10e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(10f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(10g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(1m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(2l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(2o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3r)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(41d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(4d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(4e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(5d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(5e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(5f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(6i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(7f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(7k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(8d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(9b)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(9f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(9h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0(1h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0(2c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0(3c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0(3d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1a)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2u)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2w)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2x)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(1g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(1j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(2f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(2g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(3j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(3l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(3n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(3q)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(4i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(4k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(4o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(4p)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(5k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(5l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(5n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(6d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(6g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(6h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(6l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(6o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7q)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7r)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7t)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7u)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7v)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(7w)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0(1k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0(2h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1(1h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1(3e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1(4c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(1g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(2f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(2g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(2h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(3e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(3f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(3g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(4d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(4e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(4f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(4h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(5c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(5d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(5e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(6e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(6g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(6h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(7f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(7g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(8d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(8e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(8f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(8g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(8h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2(8i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3(1d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3(2a)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3(2b)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3(2c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3(2d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(1g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(1j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(2h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(2j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(3d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(3e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(3g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(4c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(5h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(5j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(6c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(7e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0(8d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.1(1f)