cve-2025-20334
Vulnerability from cvelistv5
Published
2025-09-24 17:07
Modified
2025-09-25 03:55
Severity ?
EPSS score ?
Summary
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.
This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | Cisco IOS XE Software |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T03:55:55.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.6"
},
{
"status": "affected",
"version": "17.9.6a"
},
{
"status": "affected",
"version": "17.9.7"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.9.7a"
},
{
"status": "affected",
"version": "17.9.7b"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.12.5"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.12.5a"
},
{
"status": "affected",
"version": "17.12.5b"
},
{
"status": "affected",
"version": "17.12.5c"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.15.1"
},
{
"status": "affected",
"version": "17.15.1w"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.15.2"
},
{
"status": "affected",
"version": "17.15.1b"
},
{
"status": "affected",
"version": "17.15.1x"
},
{
"status": "affected",
"version": "17.15.1z"
},
{
"status": "affected",
"version": "17.15.2c"
},
{
"status": "affected",
"version": "17.15.2a"
},
{
"status": "affected",
"version": "17.15.1y"
},
{
"status": "affected",
"version": "17.15.2b"
},
{
"status": "affected",
"version": "17.16.1"
},
{
"status": "affected",
"version": "17.16.1a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.\r\n\r This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:07:48.420Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ios-xe-cmd-inject-rPJM8BGL",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL"
}
],
"source": {
"advisory": "cisco-sa-ios-xe-cmd-inject-rPJM8BGL",
"defects": [
"CSCwn48408"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20334",
"datePublished": "2025-09-24T17:07:19.311Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-09-25T03:55:55.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-20334\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-09-24T17:15:40.337\",\"lastModified\":\"2025-09-24T18:11:24.520\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.\\r\\n\\r This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL\",\"source\":\"psirt@cisco.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.