Cisco NX-OS Software Sensitive Log Information Disclosure Vulnerability
TL;DR 📌
A medium severity vulnerability has been identified in Cisco NX-OS Software that could allow an authenticated, local attacker to access sensitive log information. No workarounds are available, and Cisco has released fixed software to address this issue.
What happened 🕵️‍♂️
A vulnerability in the logging feature of Cisco NX-OS Software affects several Cisco Nexus and UCS devices. This vulnerability arises from improper logging of sensitive information, which could allow an authenticated local attacker to access sensitive data, including stored credentials, by exploiting the log files on the device’s file system.
Affected products 🖥️
The following Cisco products are affected by this vulnerability:
- Nexus 3000 Series Switches
- Nexus 9000 Series Switches in standalone NX-OS mode
- UCS 6400 Series Fabric Interconnects
- UCS 6500 Series Fabric Interconnects
- UCS X-Series Direct Fabric Interconnect 9108 100G
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes | 
|---|---|---|
| 4.1 and earlier | Migrate to a fixed release. | |
| 4.2 | 4.2(3p) | |
| 4.3 | 4.3(6c) | |
| 6.0 | Not vulnerable. | |
Workarounds 🧯
There are no workarounds available to mitigate this vulnerability.
Risk in context 🎯
The vulnerability has a CVSS score of 5.5, categorizing it as Medium severity. Exploitation requires authenticated local access: an attacker must already have access to the device’s file system. The potential impact includes exposure of sensitive information, but the lack of public exploitation reports suggests that immediate risk may be limited.
Fast facts ⚡
- Vulnerability ID: CVE-2025-20290
- CVSS Score: 5.5 (Medium)
- Affected Products: Nexus 3000, Nexus 9000, UCS 6400, UCS 6500, UCS 9108
- Workarounds: None available
- Fixed Software: Updates released, specific versions not listed
For leadership 🧭
This vulnerability presents a Medium risk to the organization, because exploitation requires authenticated local access to an affected device. The exposure is limited to internal threats, as no internet-facing access is involved. Immediate remediation is advised: apply the fixed software within 7 days of this advisory. The operational impact is expected to be minimal, involving a brief maintenance window with no anticipated configuration drift.
Now: Review the advisory and identify affected devices.
Next: Schedule and apply the necessary software updates.
Later: Monitor for any further advisories or updates from Cisco regarding this vulnerability.
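For the "identify affected devices" step, a release check built on the fixed-release table above. This is an added example, not Cisco tooling or part of the original advisory. The inventory is constructed, and the ordering of builds inside a train (maintenance number, then letter suffix) is an assumption.

```python
import re

# Values copied from the fixed-release table on this page.
FIRST_FIXED = {(4, 2): "4.2(3p)", (4, 3): "4.3(6c)"}
NOT_VULNERABLE = {(6, 0)}
MIGRATE_AT_OR_BELOW = (4, 1)  # "4.1 and earlier"

_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]*)\)\s*$")


def parse_release(text):
    """Split 'X.Y(Zs)' into a train (X, Y) and a sortable build key."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, suffix = m.groups()
    # Assumption: inside a train, builds sort by maintenance number, then by
    # letter suffix, with no suffix sorting before any letter.
    return (int(major), int(minor)), (int(maint), len(suffix), suffix)


def assess(running):
    """Return the action the table implies for one running release."""
    train, build = parse_release(running)
    if train in NOT_VULNERABLE:
        return "not vulnerable"
    if train <= MIGRATE_AT_OR_BELOW:
        return "migrate to a fixed release"
    fixed = FIRST_FIXED.get(train)
    if fixed is None:
        return "train not listed: check the Cisco advisory"
    if build >= parse_release(fixed)[1]:
        return "fixed"
    return f"upgrade to {fixed} or later"


def triage(inventory):
    """Map each host to a verdict; bad version strings are flagged, not fatal."""
    report = {}
    for host, release in inventory.items():
        try:
            report[host] = assess(release)
        except ValueError:
            report[host] = "unrecognised release string"
    return report


# Constructed inventory: host names and running releases are made up.
SAMPLE = {"dev-a": "4.2(3o)", "dev-b": "4.3(6c)", "dev-c": "4.1(3m)", "dev-d": "6.0(1b)"}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:6} {SAMPLE[host]:10} {verdict}")
```

Trains that the table does not list are reported as such rather than guessed at, so those hosts still need a manual check against the Cisco advisory.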