Cisco UCS Manager Software Command Injection Vulnerabilities

SecurityVulns

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.

For more information about these vulnerabilities, see the Details section of this advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-multi-cmdinj-E4Ukjyrz#details).

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-multi-cmdinj-E4Ukjyrz

This advisory is part of the August 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75667).

Security Impact Rating: Medium

CVE: CVE-2025-20294, CVE-2025-20295