{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-20163","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2024-10-10T19:15:13.217Z","datePublished":"2025-06-04T16:17:44.257Z","dateUpdated":"2026-02-26T18:27:37.121Z"},"containers":{"cna":{"title":"Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.\r\n\r\nThis vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp","name":"cisco-sa-ndfc-shkv-snQJtjrp"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-ndfc-shkv-snQJtjrp","discovery":"EXTERNAL","defects":["CSCwm50501"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Key Exchange without Entity Authentication","type":"cwe","cweId":"CWE-322"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Data Center Network Manager","versions":[{"version":"11.2(1)","status":"affected"},{"version":"7.0(2)","status":"affected"},{"version":"10.3(2)IPFM","status":"affected"},{"version":"10.1(1)","status":"affected"},{"version":"7.2(3)","status":"affected"},{"version":"7.2(2)","status":"affected"},{"version":"7.2(1)","status":"affected"},{"version":"11.0(1)","status":"affected"},{"version":"10.4(1)","status":"affected"},{"version":"10.2(1)","status":"affected"},{"version":"7.2(2a)","status":"affected"},{"version":"10.1(2)","status":"affected"},{"version":"7.1(1)","status":"affected"},{"version":"12.1(1)","status":"affected"},{"version":"11.1(1)","status":"affected"},{"version":"10.3(1)","status":"affected"},{"version":"10.3(1)R(1)","status":"affected"},{"version":"7.0(1)","status":"affected"},{"version":"10.0(1)","status":"affected"},{"version":"7.1(2)","status":"affected"},{"version":"11.4(1)","status":"affected"},{"version":"10.4(2)","status":"affected"},{"version":"11.3(1)","status":"affected"},{"version":"11.5(1)","status":"affected"},{"version":"11.5(2)","status":"affected"},{"version":"11.5(3)","status":"affected"},{"version":"12.0.1a","status":"affected"},{"version":"11.5(3a)","status":"affected"},{"version":"12.0.2d","status":"affected"},{"version":"12.0.2f","status":"affected"},{"version":"11.5(4)","status":"affected"},{"version":"12.1.1","status":"affected"},{"version":"12.1.1e","status":"affected"},{"version":"12.1.1p","status":"affected"},{"version":"12.1.2e","status":"affected"},{"version":"12.1.2p","status":"affected"},{"version":"12.1.3b","status":"affected"},{"version":"12.2.1","status":"affected"},{"version":"12.2.2","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Cisco","product":"Cisco Nexus Dashboard","versions":[{"version":"3.1(1k)","status":"affected"},{"version":"3.1(1l)","status":"affected"},{"version":"3.2(1e)","status":"affected"},{"version":"3.2(1i)","status":"affected"},{"version":"3.3(1a)","status":"affected"},{"version":"3.3(1b)","status":"affected"},{"version":"3.3(2b)","status":"affected"},{"version":"4.0(1i)","status":"affected"},{"version":"3.3(2g)","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2025-06-04T16:17:44.257Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-20163","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-06-05T03:55:24.665920Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T18:27:37.121Z"}}]}}