CVE-2025-20120
📋 TL;DR
An unauthenticated remote attacker can inject malicious scripts into Cisco EPNM and Prime Infrastructure web interfaces, which then execute in victims' browsers when they view compromised pages. This stored XSS vulnerability affects all users of these network management systems. Attackers could steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- Cisco Evolved Programmable Network Manager (EPNM)
- Cisco Prime Infrastructure
📦 What is this software?
Evolved Programmable Network Manager by Cisco
View all CVEs affecting Evolved Programmable Network Manager →
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains administrative access to network management system, modifies configurations, deploys malicious software to managed devices, or exfiltrates sensitive network data.
Likely Case
Attacker steals session cookies to hijack authenticated sessions, potentially gaining access to network management functions or sensitive information displayed in the interface.
If Mitigated
Limited to stealing non-critical session data or performing minor interface modifications if proper input validation and output encoding are implemented.
🎯 Exploit Status
Exploitation requires knowledge of specific vulnerable pages and ability to inject payloads that persist in the interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Cisco advisory for specific fixed versions
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4
Restart Required: Yes
Instructions:
1. Review Cisco advisory for affected versions.
2. Download and apply the appropriate patch from Cisco.
3. Restart the affected services or appliance.
4. Verify the fix by testing the previously vulnerable pages.
🔧 Temporary Workarounds
Input Validation Enhancement
Implement additional input validation on web interface endpoints
Configuration varies by specific implementation; refer to Cisco documentation for input validation best practices
Web Application Firewall
Deploy WAF with XSS protection rules to filter malicious payloads
WAF configuration depends on specific product; enable XSS protection rules and input validation
🧯 If You Can't Patch
- Restrict network access to management interfaces using firewall rules or network segmentation
- Implement Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Review system version against Cisco advisory; test specific interface pages for XSS vulnerabilities using safe payloads
Check Version:
Check web interface login page or use CLI command specific to each product (e.g., 'show version' in CLI)
Verify Fix Applied:
After patching, attempt to inject test XSS payloads into previously vulnerable fields and verify they are properly sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to management interface with script tags or JavaScript code
- Multiple failed login attempts followed by successful access from new IP
Network Indicators:
- HTTP requests containing common XSS payload patterns to management interface endpoints
SIEM Query:
source="web_server_logs" AND (uri="*management*" OR uri="*admin*") AND (request_body="*<script>*" OR request_body="*javascript:*")
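The SIEM query above, re-implemented as a small log scanner so it can be checked against sample traffic. This is an added example, not code from the page or from Cisco; the log lines and the /ui/... paths are constructed, and the scanner goes one step beyond the query by also matching on the URL-decoded request body, which the plain wildcard query misses.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not real EPNM/Prime logs); format is
# "<client_ip> <method> <uri> <status> body=<request_body>".
SAMPLE_LOG = """\
10.0.0.5 GET /ui/admin/login 200 body=-
10.0.0.7 POST /ui/admin/groups 302 body=name=<script>alert(1)</script>&desc=core
10.0.0.9 POST /ui/management/notes 200 body=text=%3Cscript%3Ealert(2)%3C%2Fscript%3E
10.0.0.9 POST /ui/management/notes 200 body=text=hello+world
10.0.0.11 POST /ui/admin/links 200 body=url=JavaScript:void(0)
10.0.0.12 POST /api/inventory 200 body=host=<script>x</script>
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3}) body=(?P<body>.*)$"
)
# Same URI filter as the SIEM query: *management* OR *admin*.
MGMT_URI_RE = re.compile(r"management|admin", re.IGNORECASE)
# Same body patterns as the SIEM query ("<script>", "javascript:"), but
# case-insensitive and also applied to the percent-decoded body.
PAYLOAD_RE = re.compile(r"<script>|javascript:", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_body"] = unquote_plus(rec["body"])
    return rec


def is_suspicious(rec):
    """Mirror the SIEM query: management/admin URI plus an XSS-looking body."""
    if not MGMT_URI_RE.search(rec["uri"]):
        return False
    return bool(PAYLOAD_RE.search(rec["body"]) or PAYLOAD_RE.search(rec["decoded_body"]))


def scan_log(text):
    """Return (ip, method, uri) for every line that the detection flags."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append((rec["ip"], rec["method"], rec["uri"]))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious request:", hit)
```

The last sample line (a script tag posted to /api/inventory) is deliberately not flagged: the query's URI filter only watches paths containing "management" or "admin", so endpoints outside those paths need their own rule.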