How severe is CVE-2025-20118?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2025-20118?

This is classified as CWE-212, which is a common weakness in software security.

CVE-2025-20118 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.

Related Vulnerabilities

CVE-2019-19362

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved with...

CWE-2122019

CVE-2022-4734

MEDIUM

CVSS:4.3(Medium)

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.

CWE-2122022

CVE-2023-28834

MEDIUM

CVSS:4.3(Medium)

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6...

CWE-2122023

CVE-2021-33082

MEDIUM

CVSS:4.6(Medium)

Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information di...

CWE-2122021

CVE-2024-6055

MEDIUM

CVSS:4.7(Medium)

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings t...

CWE-2122024

CVE-2025-48708

MEDIUM

CVSS:4.0(Medium)

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

CWE-2122025