CVE-2025-20163

Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability

Description

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.

INFO

Published Date :

2025-06-04T16:17:44.257Z

Last Modified :

2026-02-26T18:27:37.121Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2025-20163 vulnerability.

Vendors	Products
Cisco	Nexus Dashboard Nexus Dashboard Fabric Controller

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20163.

URL	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact