CVE-2025-20272

4.3 MEDIUM

📋 TL;DR

An authenticated low-privileged attacker can exploit insufficient input validation in certain REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager to conduct blind SQL injection attacks. This allows viewing data from database tables on affected devices. Organizations running vulnerable versions of these Cisco network management products are affected.

💻 Affected Systems

Products:
  • Cisco Prime Infrastructure
  • Cisco Evolved Programmable Network Manager
Versions: Specific versions listed in Cisco advisory
Operating Systems: Linux-based appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access with any privilege level; affects specific REST API endpoints only

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker exfiltrates sensitive configuration data, credentials, or network topology information from database tables, potentially enabling further attacks.

🟠

Likely Case

Attacker extracts limited database information accessible to low-privileged accounts, potentially revealing system configuration details.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to viewing non-sensitive data in specific database tables.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authentication and knowledge of specific vulnerable API endpoints; blind SQL injection requires time-based or boolean inference techniques

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Cisco advisory for specific fixed versions

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb

Restart Required: Yes

Instructions:

1. Review the Cisco advisory for affected versions
2. Download and install the appropriate fixed version
3. Restart affected services or appliances
4. Verify patch installation

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to management interfaces to trusted IP addresses only

Configure firewall rules to limit access to Cisco Prime/EPNM management interfaces

API Endpoint Disablement

all

Disable unused REST API endpoints if possible

Consult Cisco documentation for API management configuration

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate management interfaces
  • Enforce principle of least privilege for all user accounts accessing these systems

🔍 How to Verify

Check if Vulnerable:

Check current software version against affected versions in Cisco advisory

Check Version:

Check via web interface: Admin > System > Software Update or via CLI: show version

Verify Fix Applied:

Verify installed version matches fixed version from Cisco advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed authentication attempts followed by API requests
  • Requests to specific REST API endpoints with SQL-like patterns

Network Indicators:

  • Unusual outbound database connections from management appliances
  • Patterns of time-delayed API responses suggesting blind SQL injection

SIEM Query:

(source="cisco-prime" OR source="cisco-epnm") AND (message="*SQL*" OR message="*syntax*" OR message="*database*")
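Added example, not code from the original page or from Cisco: a small Python detector that applies the log and network indicators above to constructed access-log lines. It URL-decodes request paths before matching SQL tokens (a raw `*SQL*` string match misses percent-encoded probes), baselines latency per endpoint to surface time-based inference, and aggregates hits per account. The log format, the `/api/v1/inventory` path and the latency thresholds are assumptions.

```python
import re
from collections import defaultdict
from statistics import median
from urllib.parse import unquote_plus

# SQL tokens typical of injection probes, matched after URL-decoding so encoded variants are caught.
SQL_PATTERN = re.compile(r"(?i)(\bunion\s+select\b|\bor\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+|"
                         r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b|--\s*$|/\*)")
TIME_FLOOR_MS = 2000  # never treat a request faster than this as a delay probe
TIME_FACTOR = 5       # flag latency above this multiple of the endpoint's median

# Constructed sample log, not a real Cisco format; "/api/v1/inventory" is a placeholder, not the advisory's endpoint.
SAMPLE_LOG = """\
ops1    200  120 GET /api/v1/inventory?limit=50
ops1    200  135 GET /api/v1/inventory/12
ops2    200  110 GET /api/v1/inventory?limit=50
ro_user 200 5130 GET /api/v1/inventory?id=1'%20AND%20SLEEP(5)--
ro_user 200  140 GET /api/v1/inventory?id=1%20OR%201%3D1
ro_user 500  145 GET /api/v1/inventory?id=1'%20UNION%20SELECT%20NULL--
"""

def parse(line):
    user, status, ms, _method, path = line.split(None, 4)
    return {"user": user, "status": int(status), "ms": int(ms), "path": path,
            "endpoint": path.split("?", 1)[0]}  # query string stripped for baselining

def detect(log_text):
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    by_endpoint = defaultdict(list)
    for e in events:
        by_endpoint[e["endpoint"]].append(e["ms"])
    baseline = {p: median(v) for p, v in by_endpoint.items()}  # per-endpoint latency baseline
    findings = []
    for e in events:
        reasons = []
        if SQL_PATTERN.search(unquote_plus(e["path"])):
            reasons.append("sql_pattern")
        if e["ms"] >= TIME_FLOOR_MS and e["ms"] > TIME_FACTOR * baseline[e["endpoint"]]:
            reasons.append("time_delay")  # time-based inference shows up as a latency spike
        if e["status"] >= 500:
            reasons.append("server_error")  # broken injected syntax often surfaces as a 5xx
        if reasons:
            findings.append({"user": e["user"], "path": e["path"], "reasons": reasons})
    return findings

def suspicious_users(findings, min_hits=2):
    hits = defaultdict(int)
    for f in findings:
        hits[f["user"]] += 1
    return sorted(u for u, n in hits.items() if n >= min_hits)  # one hit is noise, a run is a probe
```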
