We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-20195



Description

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to clear the syslog, parser, and licensing logs on the affected device if the targeted user has privileges to clear those logs.

Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco


MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

16.1.1
affected

16.1.2
affected

16.1.3
affected

16.2.1
affected

16.2.2
affected

16.3.1
affected

16.3.2
affected

16.3.3
affected

16.3.1a
affected

16.3.4
affected

16.3.5
affected

16.3.5b
affected

16.3.6
affected

16.3.7
affected

16.3.8
affected

16.3.9
affected

16.3.10
affected

16.3.11
affected

16.4.1
affected

16.4.2
affected

16.4.3
affected

16.5.1
affected

16.5.1a
affected

16.5.1b
affected

16.5.2
affected

16.5.3
affected

16.6.1
affected

16.6.2
affected

16.6.3
affected

16.6.4
affected

16.6.5
affected

16.6.4a
affected

16.6.5a
affected

16.6.6
affected

16.6.7
affected

16.6.8
affected

16.6.9
affected

16.6.10
affected

16.7.1
affected

16.7.1a
affected

16.7.1b
affected

16.7.2
affected

16.7.3
affected

16.7.4
affected

16.8.1
affected

16.8.1a
affected

16.8.1b
affected

16.8.1s
affected

16.8.1c
affected

16.8.1d
affected

16.8.2
affected

16.8.1e
affected

16.8.3
affected

16.9.1
affected

16.9.2
affected

16.9.1a
affected

16.9.1b
affected

16.9.1s
affected

16.9.3
affected

16.9.4
affected

16.9.3a
affected

16.9.5
affected

16.9.5f
affected

16.9.6
affected

16.9.7
affected

16.9.8
affected

16.10.1
affected

16.10.1a
affected

16.10.1b
affected

16.10.1s
affected

16.10.1c
affected

16.10.1e
affected

16.10.1d
affected

16.10.2
affected

16.10.1f
affected

16.10.1g
affected

16.10.3
affected

16.11.1
affected

16.11.1a
affected

16.11.1b
affected

16.11.2
affected

16.11.1s
affected

16.12.1
affected

16.12.1s
affected

16.12.1a
affected

16.12.1c
affected

16.12.1w
affected

16.12.2
affected

16.12.1y
affected

16.12.2a
affected

16.12.3
affected

16.12.8
affected

16.12.2s
affected

16.12.1x
affected

16.12.1t
affected

16.12.4
affected

16.12.3s
affected

16.12.3a
affected

16.12.4a
affected

16.12.5
affected

16.12.6
affected

16.12.1z1
affected

16.12.5a
affected

16.12.5b
affected

16.12.1z2
affected

16.12.6a
affected

16.12.7
affected

16.12.9
affected

16.12.10
affected

16.12.10a
affected

16.12.11
affected

16.12.12
affected

17.1.1
affected

17.1.1a
affected

17.1.1s
affected

17.1.1t
affected

17.1.3
affected

17.2.1
affected

17.2.1r
affected

17.2.1a
affected

17.2.1v
affected

17.2.2
affected

17.2.3
affected

17.3.1
affected

17.3.2
affected

17.3.3
affected

17.3.1a
affected

17.3.1w
affected

17.3.2a
affected

17.3.1x
affected

17.3.1z
affected

17.3.4
affected

17.3.5
affected

17.3.4a
affected

17.3.6
affected

17.3.4b
affected

17.3.4c
affected

17.3.5a
affected

17.3.5b
affected

17.3.7
affected

17.3.8
affected

17.3.8a
affected

17.4.1
affected

17.4.2
affected

17.4.1a
affected

17.4.1b
affected

17.4.2a
affected

17.5.1
affected

17.5.1a
affected

17.6.1
affected

17.6.2
affected

17.6.1w
affected

17.6.1a
affected

17.6.1x
affected

17.6.3
affected

17.6.1y
affected

17.6.1z
affected

17.6.3a
affected

17.6.4
affected

17.6.1z1
affected

17.6.5
affected

17.6.6
affected

17.6.6a
affected

17.6.5a
affected

17.6.7
affected

17.7.1
affected

17.7.1a
affected

17.7.1b
affected

17.7.2
affected

17.10.1
affected

17.10.1a
affected

17.10.1b
affected

17.8.1
affected

17.8.1a
affected

17.9.1
affected

17.9.1w
affected

17.9.2
affected

17.9.1a
affected

17.9.1x
affected

17.9.1y
affected

17.9.3
affected

17.9.2a
affected

17.9.1x1
affected

17.9.3a
affected

17.9.4
affected

17.9.1y1
affected

17.9.5
affected

17.9.4a
affected

17.9.5a
affected

17.9.5b
affected

17.9.5e
affected

17.9.5f
affected

17.11.1
affected

17.11.1a
affected

17.12.1
affected

17.12.1w
affected

17.12.1a
affected

17.12.1x
affected

17.12.2
affected

17.12.3
affected

17.12.2a
affected

17.12.1y
affected

17.12.1z
affected

17.12.3a
affected

17.12.1z1
affected

17.13.1
affected

17.13.1a
affected

17.14.1
affected

17.14.1a
affected

17.11.99SW
affected

References

sec.cloudapps.cisco.com/...ory/cisco-sa-webui-multi-ARNHM4v6 (cisco-sa-webui-multi-ARNHM4v6)

cve.org (CVE-2025-20195)

nvd.nist.gov (CVE-2025-20195)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-20195

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.