vulnerability

Cisco NX-OS: CVE-2025-20161: Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:M/C:P/I:C/A:N)	Feb 26, 2025	Feb 27, 2025	Apr 3, 2025

Severity

CVSS

(AV:L/AC:L/Au:M/C:P/I:C/A:N)

Published

Feb 26, 2025

Added

Feb 27, 2025

Modified

Apr 3, 2025

Description

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device.

This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
Note: Administrators should validate the hash of any software image before installation.

Solution

cisco-nx-update-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today