CVE-2025-20290
Description
A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive information.
This vulnerability is due to improper logging of sensitive information. An attacker could exploit this vulnerability by accessing log files on the file system where they are stored. A successful exploit could allow the attacker to access sensitive information, such as stored credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco NX-OS Software logs sensitive information, allowing authenticated local attackers to access stored credentials via log files.
Vulnerability Overview
A vulnerability in the logging feature of Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches, UCS 6400 and 6500 Fabric Interconnects, and UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker to access sensitive information. The issue stems from improper logging of sensitive data, such as credentials, into log files stored on the device's file system [1].
Exploitation
An attacker with local access to the affected device and valid authentication credentials can exploit this vulnerability by directly accessing the log files where the sensitive information is stored. No additional privileges or network access beyond local file system access are required [1].
Impact
Successful exploitation could lead to the disclosure of sensitive information, including stored credentials. This information could then be used to further compromise the device or network [1].
Mitigation
Cisco has released software updates to address this vulnerability. Customers are advised to consult the Cisco Security Advisory and use the Cisco Software Checker to determine the appropriate fixed release for their platform [1]. No workarounds are available.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.