CVE-2025-20194 | ByteOS Network

Vulnerability Details :

CVE-2025-20194

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-07 May, 2025 | 17:48

Updated At-08 May, 2025 | 03:56

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to read limited files from the underlying operating system or clear the syslog and licensing logs on the affected device.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:cisco

Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633

Published At:07 May, 2025 | 17:48

Updated At:08 May, 2025 | 03:56

▼CVE Numbering Authority (CNA)

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to read limited files from the underlying operating system or clear the syslog and licensing logs on the affected device.

Affected Products

Vendor

Cisco Systems, Inc.

Product

Cisco IOS XE Software

Versions

Affected

Problem Types

Type	CWE ID	Description
cwe	CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Type: cwe

CWE ID: CWE-78

Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Metrics

Version	Base score	Base severity	Vector
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

References

Hyperlink	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6	N/A

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:psirt@cisco.com

Published At:07 May, 2025 | 18:15

Updated At:11 Jul, 2025 | 14:57

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to read limited files from the underlying operating system or clear the syslog and licensing logs on the affected device.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CPE Matches

Cisco Systems, Inc.

>>ios_xe>>17.3.1

cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.1a

cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.1w

cpe:2.3:o:cisco:ios_xe:17.3.1w:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.1x

cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.1z

cpe:2.3:o:cisco:ios_xe:17.3.1z:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.2

cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.2a

cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.3

cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.4

cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.4a

cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.4b

cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.4c

cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.5

cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.5a

cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.5b

cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.6

cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.7

cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.8

cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3.8a

cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.4.1

cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.4.1a

cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.4.1b

cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.4.2

cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.4.2a

cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.5.1

cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.5.1a

cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.1

cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.1a

cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.1w

cpe:2.3:o:cisco:ios_xe:17.6.1w:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.1x

cpe:2.3:o:cisco:ios_xe:17.6.1x:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.1y

cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.1z

cpe:2.3:o:cisco:ios_xe:17.6.1z:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.1z1

cpe:2.3:o:cisco:ios_xe:17.6.1z1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.2

cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.3

cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.3a

cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.4

cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.5

cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.5a

cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.6

cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.6a

cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.7

cpe:2.3:o:cisco:ios_xe:17.6.7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.8

cpe:2.3:o:cisco:ios_xe:17.6.8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.6.8a

cpe:2.3:o:cisco:ios_xe:17.6.8a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.7.1

cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.7.1a

cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.7.1b

cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.7.2

cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.8.1

cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.8.1a

cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-78	Primary	psirt@cisco.com

CWE ID: CWE-78

Type: Primary

Source: psirt@cisco.com

References

Hyperlink	Source	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6	psirt@cisco.com	Vendor Advisory

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6

Source: psirt@cisco.com

Resource:

Vendor Advisory