CVE-2025-20195 | THREATINT

Description

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to clear the syslog, parser, and licensing logs on the affected device if the targeted user has privileges to clear those logs.

PUBLISHED Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

16.1.1

affected

16.1.2

affected

16.1.3

affected

16.2.1

affected

16.2.2

affected

16.3.1

affected

16.3.2

affected

16.3.3

affected

16.3.1a

affected

16.3.4

affected

16.3.5

affected

16.3.5b

affected

16.3.6

affected

16.3.7

affected

16.3.8

affected

16.3.9

affected

16.3.10

affected

16.3.11

affected

16.4.1

affected

16.4.2

affected

16.4.3

affected

16.5.1

affected

16.5.1a

affected

16.5.1b

affected

16.5.2

affected

16.5.3

affected

16.6.1

affected

16.6.2

affected

16.6.3

affected

16.6.4

affected

16.6.5

affected

16.6.4a

affected

16.6.5a

affected

16.6.6

affected

16.6.7

affected

16.6.8

affected

16.6.9

affected

16.6.10

affected

16.7.1

affected

16.7.1a

affected

16.7.1b

affected

16.7.2

affected

16.7.3

affected

16.7.4

affected

16.8.1

affected

16.8.1a

affected

16.8.1b

affected

16.8.1s

affected

16.8.1c

affected

16.8.1d

affected

16.8.2

affected

16.8.1e

affected

16.8.3

affected

16.9.1

affected

16.9.2

affected

16.9.1a

affected

16.9.1b

affected

16.9.1s

affected

16.9.3

affected

16.9.4

affected

16.9.3a

affected

16.9.5

affected

16.9.5f

affected

16.9.6

affected

16.9.7

affected

16.9.8

affected

16.10.1

affected

16.10.1a

affected

16.10.1b

affected

16.10.1s

affected

16.10.1c

affected

16.10.1e

affected

16.10.1d

affected

16.10.2

affected

16.10.1f

affected

16.10.1g

affected

16.10.3

affected

16.11.1

affected

16.11.1a

affected

16.11.1b

affected

16.11.2

affected

16.11.1s

affected

16.12.1

affected

16.12.1s

affected

16.12.1a

affected

16.12.1c

affected

16.12.1w

affected

16.12.2

affected

16.12.1y

affected

16.12.2a

affected

16.12.3

affected

16.12.8

affected

16.12.2s

affected

16.12.1x

affected

16.12.1t

affected

16.12.4

affected

16.12.3s

affected

16.12.3a

affected

16.12.4a

affected

16.12.5

affected

16.12.6

affected

16.12.1z1

affected

16.12.5a

affected

16.12.5b

affected

16.12.1z2

affected

16.12.6a

affected

16.12.7

affected

16.12.9

affected

16.12.10

affected

16.12.10a

affected

16.12.11

affected

16.12.12

affected

17.1.1

affected

17.1.1a

affected

17.1.1s

affected

17.1.1t

affected

17.1.3

affected

17.2.1

affected

17.2.1r

affected

17.2.1a

affected

17.2.1v

affected

17.2.2

affected

17.2.3

affected

17.3.1

affected

17.3.2

affected

17.3.3

affected

17.3.1a

affected

17.3.1w

affected

17.3.2a

affected

17.3.1x

affected

17.3.1z

affected

17.3.4

affected

17.3.5

affected

17.3.4a

affected

17.3.6

affected

17.3.4b

affected

17.3.4c

affected

17.3.5a

affected

17.3.5b

affected

17.3.7

affected

17.3.8

affected

17.3.8a

affected

17.4.1

affected

17.4.2

affected

17.4.1a

affected

17.4.1b

affected

17.4.2a

affected

17.5.1

affected

17.5.1a

affected

17.6.1

affected

17.6.2

affected

17.6.1w

affected

17.6.1a

affected

17.6.1x

affected

17.6.3

affected

17.6.1y

affected

17.6.1z

affected

17.6.3a

affected

17.6.4

affected

17.6.1z1

affected

17.6.5

affected

17.6.6

affected

17.6.6a

affected

17.6.5a

affected

17.6.7

affected

17.7.1

affected

17.7.1a

affected

17.7.1b

affected

17.7.2

affected

17.10.1

affected

17.10.1a

affected

17.10.1b

affected

17.8.1

affected

17.8.1a

affected

17.9.1

affected

17.9.1w

affected

17.9.2

affected

17.9.1a

affected

17.9.1x

affected

17.9.1y

affected

17.9.3

affected

17.9.2a

affected

17.9.1x1

affected

17.9.3a

affected

17.9.4

affected

17.9.1y1

affected

17.9.5

affected

17.9.4a

affected

17.9.5a

affected

17.9.5b

affected

17.9.5e

affected

17.9.5f

affected

17.11.1

affected

17.11.1a

affected

17.12.1

affected

17.12.1w

affected

17.12.1a

affected

17.12.1x

affected

17.12.2

affected

17.12.3

affected

17.12.2a

affected

17.12.1y

affected

17.12.1z

affected

17.12.3a

affected

17.12.1z1

affected

17.13.1

affected

17.13.1a

affected

17.14.1

affected

17.14.1a

affected

17.11.99SW

affected

References

sec.cloudapps.cisco.com/...ory/cisco-sa-webui-multi-ARNHM4v6 (cisco-sa-webui-multi-ARNHM4v6)

cve.org (CVE-2025-20195)

nvd.nist.gov (CVE-2025-20195)

Download JSON