How severe is CVE-2025-20161?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2025-20161?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2025-20161 - MEDIUM Severity | CVSS 5.1

Vulnerability Description

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.  Note: Administrators should validate the hash of any software image before installation.

Related Vulnerabilities

CVE-2021-21569

MEDIUM

CVSS:4.9(Medium)

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain acces...

CWE-782021

CVE-2021-21570

MEDIUM

CVSS:4.9(Medium)

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and g...

CWE-782021

CVE-2017-3806

MEDIUM

CVSS:5.3(Medium)

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject...

CWE-782017

CVE-2018-15726

MEDIUM

CVSS:5.3(Medium)

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

CWE-782018

CVE-2019-20807

MEDIUM

CVSS:5.3(Medium)

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CWE-782019

CVE-2020-26294

MEDIUM

CVSS:5.3(Medium)

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server co...

CWE-782020