CVE-2025-20187

07.05.2025, 18:15

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system.

This vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected system. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the affected system.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cisco	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Vendor	Product	Version
cisco	catalyst_sd-wan_manager	17.2.4
cisco	catalyst_sd-wan_manager	17.2.5
cisco	catalyst_sd-wan_manager	17.2.6
cisco	catalyst_sd-wan_manager	17.2.7
cisco	catalyst_sd-wan_manager	17.2.8
cisco	catalyst_sd-wan_manager	17.2.9
cisco	catalyst_sd-wan_manager	17.2.10
cisco	catalyst_sd-wan_manager	18.2.0
cisco	catalyst_sd-wan_manager	18.3.0
cisco	catalyst_sd-wan_manager	18.3.1
cisco	catalyst_sd-wan_manager	18.3.1.1
cisco	catalyst_sd-wan_manager	18.3.3
cisco	catalyst_sd-wan_manager	18.3.3.1
cisco	catalyst_sd-wan_manager	18.3.4
cisco	catalyst_sd-wan_manager	18.3.5
cisco	catalyst_sd-wan_manager	18.3.6
cisco	catalyst_sd-wan_manager	18.3.6.1
cisco	catalyst_sd-wan_manager	18.3.7
cisco	catalyst_sd-wan_manager	18.3.8
cisco	catalyst_sd-wan_manager	18.4.0
cisco	catalyst_sd-wan_manager	18.4.0.1
cisco	catalyst_sd-wan_manager	18.4.1
cisco	catalyst_sd-wan_manager	18.4.3
cisco	catalyst_sd-wan_manager	18.4.4
cisco	catalyst_sd-wan_manager	18.4.5
cisco	catalyst_sd-wan_manager	18.4.6
cisco	catalyst_sd-wan_manager	18.4.302
cisco	catalyst_sd-wan_manager	18.4.303
cisco	catalyst_sd-wan_manager	18.4.501_es:_es
cisco	catalyst_sd-wan_manager	19.0.0
cisco	catalyst_sd-wan_manager	19.0.1a:a
cisco	catalyst_sd-wan_manager	19.1.0
cisco	catalyst_sd-wan_manager	19.2.0
cisco	catalyst_sd-wan_manager	19.2.1
cisco	catalyst_sd-wan_manager	19.2.2
cisco	catalyst_sd-wan_manager	19.2.3
cisco	catalyst_sd-wan_manager	19.2.4
cisco	catalyst_sd-wan_manager	19.2.4.0.1
cisco	catalyst_sd-wan_manager	19.2.4.0.8
cisco	catalyst_sd-wan_manager	19.2.4.0.9
cisco	catalyst_sd-wan_manager	19.2.31
cisco	catalyst_sd-wan_manager	19.2.32
cisco	catalyst_sd-wan_manager	19.2.097
cisco	catalyst_sd-wan_manager	19.2.098
cisco	catalyst_sd-wan_manager	19.2.099
cisco	catalyst_sd-wan_manager	19.2.929
cisco	catalyst_sd-wan_manager	19.3.0
cisco	catalyst_sd-wan_manager	20.1.1
cisco	catalyst_sd-wan_manager	20.1.1.1
cisco	catalyst_sd-wan_manager	20.1.2
cisco	catalyst_sd-wan_manager	20.1.2_937:_937
cisco	catalyst_sd-wan_manager	20.1.3
cisco	catalyst_sd-wan_manager	20.1.3.1
cisco	catalyst_sd-wan_manager	20.1.12
cisco	catalyst_sd-wan_manager	20.3.1
cisco	catalyst_sd-wan_manager	20.3.2
cisco	catalyst_sd-wan_manager	20.3.2.0.5
cisco	catalyst_sd-wan_manager	20.3.2.0.6
cisco	catalyst_sd-wan_manager	20.3.2.1
cisco	catalyst_sd-wan_manager	20.3.2.1_927:_927
cisco	catalyst_sd-wan_manager	20.3.2.1_930:_930
cisco	catalyst_sd-wan_manager	20.3.2_925:_925
cisco	catalyst_sd-wan_manager	20.3.2_928:_928
cisco	catalyst_sd-wan_manager	20.3.2_929:_929
cisco	catalyst_sd-wan_manager	20.3.2_937:_937
cisco	catalyst_sd-wan_manager	20.3.3
cisco	catalyst_sd-wan_manager	20.3.3.0.8
cisco	catalyst_sd-wan_manager	20.3.3.0.14
cisco	catalyst_sd-wan_manager	20.3.3.0.16
cisco	catalyst_sd-wan_manager	20.3.3.0.17
cisco	catalyst_sd-wan_manager	20.3.3.0.18
cisco	catalyst_sd-wan_manager	20.3.3.1
cisco	catalyst_sd-wan_manager	20.3.3.1.1
cisco	catalyst_sd-wan_manager	20.3.3.1.2
cisco	catalyst_sd-wan_manager	20.3.3.1.5
cisco	catalyst_sd-wan_manager	20.3.3.1.7
cisco	catalyst_sd-wan_manager	20.3.3.1.10
cisco	catalyst_sd-wan_manager	20.3.3.2
cisco	catalyst_sd-wan_manager	20.3.4
cisco	catalyst_sd-wan_manager	20.3.4.0.1
cisco	catalyst_sd-wan_manager	20.3.4.0.5
cisco	catalyst_sd-wan_manager	20.3.4.0.6
cisco	catalyst_sd-wan_manager	20.3.4.0.11
cisco	catalyst_sd-wan_manager	20.3.4.0.19
cisco	catalyst_sd-wan_manager	20.3.4.0.20
cisco	catalyst_sd-wan_manager	20.3.4.0.24
cisco	catalyst_sd-wan_manager	20.3.4.0.25
cisco	catalyst_sd-wan_manager	20.3.4.0.26
cisco	catalyst_sd-wan_manager	20.10.1
cisco	catalyst_sd-wan_manager	20.10.1.1
cisco	catalyst_sd-wan_manager	20.10.1.2
cisco	catalyst_sd-wan_manager	20.11.1
cisco	catalyst_sd-wan_manager	20.11.1.1
cisco	catalyst_sd-wan_manager	20.11.1.2
cisco	catalyst_sd-wan_manager	20.12.1
cisco	catalyst_sd-wan_manager	20.12.2
cisco	catalyst_sd-wan_manager	20.12.3
cisco	catalyst_sd-wan_manager	20.12.3.1
cisco	catalyst_sd-wan_manager	20.12.4
cisco	catalyst_sd-wan_manager	20.12.4.0.03
cisco	catalyst_sd-wan_manager	20.12.4.0.4
cisco	catalyst_sd-wan_manager	20.12.4.1
cisco	catalyst_sd-wan_manager	20.12.401
cisco	catalyst_sd-wan_manager	20.13.1
cisco	catalyst_sd-wan_manager	20.14.1
cisco	catalyst_sd-wan_manager	20.15.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ