CVE-2025-20257

Name of the Vulnerable Software and Affected Versions Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager (affected versions not specified)

Description A vulnerability in the API subsystem could allow an authenticated, remote attacker with low privileges to generate fraudulent findings used to generate alarms and alerts on an affected product. This issue is due to insufficient authorization enforcement on a specific API. An attacker could exploit this by authenticating as a low-privileged user and performing API calls with crafted input, potentially allowing them to obfuscate legitimate findings in analytics reports or create false indications with alarms and alerts on an affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.