CVE-2025-20344

Summary

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device.

This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Nexus Dashboard1.1(3e)affected
CiscoCisco Nexus Dashboard1.1(3c)affected
CiscoCisco Nexus Dashboard1.1(3d)affected
CiscoCisco Nexus Dashboard1.1(0d)affected
CiscoCisco Nexus Dashboard1.1(2i)affected
CiscoCisco Nexus Dashboard2.0(1b)affected
CiscoCisco Nexus Dashboard1.1(2h)affected
CiscoCisco Nexus Dashboard1.1(0c)affected
CiscoCisco Nexus Dashboard1.1(3f)affected
CiscoCisco Nexus Dashboard2.1(1d)affected
CiscoCisco Nexus Dashboard2.1(1e)affected
CiscoCisco Nexus Dashboard2.0(2g)affected
CiscoCisco Nexus Dashboard2.0(2h)affected
CiscoCisco Nexus Dashboard2.1(2d)affected
CiscoCisco Nexus Dashboard2.0(1d)affected
CiscoCisco Nexus Dashboard2.2(1h)affected
CiscoCisco Nexus Dashboard2.2(1e)affected
CiscoCisco Nexus Dashboard2.2(2d)affected
CiscoCisco Nexus Dashboard2.1(2f)affected
CiscoCisco Nexus Dashboard2.3(1c)affected
CiscoCisco Nexus Dashboard2.3(2b)affected
CiscoCisco Nexus Dashboard2.3(2c)affected
CiscoCisco Nexus Dashboard2.3(2d)affected
CiscoCisco Nexus Dashboard2.3(2e)affected
CiscoCisco Nexus Dashboard3.0(1f)affected
CiscoCisco Nexus Dashboard3.0(1i)affected
CiscoCisco Nexus Dashboard3.1(1k)affected
CiscoCisco Nexus Dashboard3.1(1l)affected
CiscoCisco Nexus Dashboard3.2(1e)affected
CiscoCisco Nexus Dashboard3.2(1i)affected
CiscoCisco Nexus Dashboard3.3(1a)affected
CiscoCisco Nexus Dashboard3.3(1b)affected
CiscoCisco Nexus Dashboard3.3(2b)affected
CiscoCisco Nexus Dashboard4.0(1i)affected
CiscoCisco Nexus Dashboard3.3(2g)affected
CiscoCisco Nexus Dashboard3.2(2f)affected
CiscoCisco Nexus Dashboard3.2(2g)affected
CiscoCisco Nexus Dashboard3.2(2m)affected
CiscoCisco Nexus Dashboard3.1(1n)affected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References