CVE-2025-20290 - Vulnerability Details

A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive information. This vulnerability is due to improper logging of sensitive information. An attacker could exploit this vulnerability by accessing log files on the file system where they are stored. A successful exploit could allow the attacker to access sensitive information, such as stored credentials.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Nexus Nexus 3000 Nexus 9000 Nx-os Ucs 6400 Ucs 6500 Ucs 9108 Unified Computing System Manager

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-infodis-TEcTYSFG

History

Wed, 27 Aug 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco nexus Cisco nexus 3000 Cisco nexus 9000 Cisco nx-os Cisco ucs 6400 Cisco ucs 6500 Cisco ucs 9108 Cisco unified Computing System Manager
Vendors & Products		Cisco Cisco nexus Cisco nexus 3000 Cisco nexus 9000 Cisco nx-os Cisco ucs 6400 Cisco ucs 6500 Cisco ucs 9108 Cisco unified Computing System Manager

Wed, 27 Aug 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 27 Aug 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive information. This vulnerability is due to improper logging of sensitive information. An attacker could exploit this vulnerability by accessing log files on the file system where they are stored. A successful exploit could allow the attacker to access sensitive information, such as stored credentials.
Title		Cisco NXOS Software Sensitive Log Information Disclosure Vulnerability
Weaknesses		CWE-200
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-infodis-TEcTYSFG
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-08-27T16:23:46.216Z

Updated: 2025-08-27T18:23:36.610Z

Reserved: 2024-10-10T19:15:13.251Z

Link: CVE-2025-20290

Vulnrichment

Updated: 2025-08-27T18:22:03.664Z

NVD

Status : Received

Published: 2025-08-27T17:15:35.083

Modified: 2025-08-27T17:15:35.083

Link: CVE-2025-20290

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object