CVE-2025-20150

CVE Database · CVE-2025-20150

CVE-2025-20150

· MEDIUMAnalyzed

CVSS v3.1

5.3

EPSS

0.48%

Published

Apr 16, 2025

Modified

Aug 6, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-209

Affected Products (1)

cisco · nexus_dashboard (up to 3.2\(2f\))vulnerable

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-unenum-2xFFh472

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs