THREATINT
PUBLISHED

CVE-2025-20164



Description

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-08 | Assigner cisco


HIGH: 8.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Problem types

Missing Authorization

Product status

15.0(2)SE8
affected

15.0(2)EA
affected

15.0(2)EA1
affected

15.2(2)E
affected

15.2(2)E1
affected

15.2(3)E1
affected

15.2(2)E2
affected

15.2(2)E3
affected

15.2(2a)E2
affected

15.2(3)E2
affected

15.2(3)E3
affected

15.2(2)E4
affected

15.2(2)E5
affected

15.2(3)E4
affected

15.2(5)E
affected

15.2(2)E6
affected

15.2(5)E1
affected

15.2(2)E5a
affected

15.2(5a)E1
affected

15.2(2)E7
affected

15.2(5)E2
affected

15.2(6)E
affected

15.2(5)E2c
affected

15.2(2)E8
affected

15.2(6)E0a
affected

15.2(6)E1
affected

15.2(6)E0c
affected

15.2(2)E9
affected

15.2(7)E
affected

15.2(2)E10
affected

15.2(6)E2a
affected

15.2(7)E0b
affected

15.2(7)E0s
affected

15.2(6)E3
affected

15.2(7)E2
affected

15.2(7)E3
affected

15.2(7)E1a
affected

15.2(7)E4
affected

15.2(8)E
affected

15.2(8)E1
affected

15.2(7)E5
affected

15.2(7)E6
affected

15.2(8)E2
affected

15.2(7)E7
affected

15.2(8)E3
affected

15.2(7)E8
affected

15.2(8)E4
affected

15.2(7)E9
affected

15.2(8)E5
affected

15.2(8)E6
affected

15.2(7)E10
affected

15.2(7)E11
affected

15.2(1)EY
affected

15.0(2)EK
affected

15.0(2)EK1
affected

15.2(2)EB
affected

15.2(2)EB1
affected

15.2(2)EB2
affected

15.2(6)EB
affected

15.2(2)EA
affected

15.2(2)EA2
affected

15.2(3)EA
affected

15.2(4)EA
affected

15.2(4)EA1
affected

15.2(2)EA3
affected

15.2(4)EA4
affected

15.2(4)EA5
affected

15.2(4)EA6
affected

15.2(4)EA7
affected

15.2(4)EA8
affected

15.2(4)EA9
affected

15.2(4)EA9a
affected

15.2(4)EC1
affected

15.2(4)EC2
affected

15.3(3)JPU
affected

References

sec.cloudapps.cisco.com/...cisco-sa-ios-http-privesc-wCRd5e3 (cisco-sa-ios-http-privesc-wCRd5e3)

cve.org (CVE-2025-20164)

nvd.nist.gov (CVE-2025-20164)
