CVE-2025-20119 Cisco Application Policy Infrastructure Controller race condition (cisco-sa-apic-multi-vulns-9ummtg5)

A race condition vulnerability in Cisco Application Policy Infrastructure Controller (APIC) versions up to 6.1(1f) allows an authenticated, local attacker to overwrite critical system files, potentially leading to a Denial of Service (DoS) condition. The vulnerability, CVE-2025-20119, requires valid administrative credentials and specific file system operations for exploitation. Cisco has released software updates to address this vulnerability, and upgrading is the recommended countermeasure.