Unrated severityNVD Advisory· Published Jun 4, 2025· Updated Feb 26, 2026

Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability

CVE-2025-20163

Description

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.

This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.

Affected products

Cisco Systems, Inc./Nexus Dashboard Fabric Controllerllm-fuzzy
Cisco Systems, Inc./Data Center Network Managercpe-rescue
Range: 11.2(1)
Cisco Systems, Inc./Nexus Dashboardcpe-rescue
Range: 3.1(1k)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrpmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000