We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-20216

Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability



Description

A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst SD-WAN Manager user.

Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco


MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Problem types

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Product status

Default status
unknown

20.1.12
affected

19.2.1
affected

18.4.4
affected

18.4.5
affected

20.1.1.1
affected

20.1.1
affected

19.3.0
affected

19.2.2
affected

19.2.099
affected

18.3.6
affected

18.3.7
affected

19.2.0
affected

18.3.8
affected

19.0.0
affected

19.1.0
affected

18.4.302
affected

18.4.303
affected

19.2.097
affected

19.2.098
affected

17.2.10
affected

18.3.6.1
affected

19.0.1a
affected

18.2.0
affected

18.4.3
affected

18.4.1
affected

17.2.8
affected

18.3.3.1
affected

18.4.0
affected

18.3.1
affected

17.2.6
affected

17.2.9
affected

18.3.4
affected

17.2.5
affected

18.3.1.1
affected

18.3.5
affected

18.4.0.1
affected

18.3.3
affected

17.2.7
affected

17.2.4
affected

18.3.0
affected

19.2.3
affected

18.4.501_ES
affected

20.3.1
affected

20.1.2
affected

19.2.929
affected

19.2.31
affected

20.3.2
affected

19.2.32
affected

20.3.2_925
affected

20.3.2.1
affected

20.3.2.1_927
affected

18.4.6
affected

20.1.2_937
affected

20.4.1
affected

20.3.2_928
affected

20.3.2_929
affected

20.4.1.0.1
affected

20.3.2.1_930
affected

19.2.4
affected

20.5.0.1.1
affected

20.4.1.1
affected

20.3.3
affected

19.2.4.0.1
affected

20.3.2_937
affected

20.3.3.1
affected

20.5.1
affected

20.1.3
affected

20.3.3.0.4
affected

20.3.3.1.2
affected

20.3.3.1.1
affected

20.4.1.2
affected

20.3.3.0.2
affected

20.4.1.1.5
affected

20.4.1.0.01
affected

20.4.1.0.02
affected

20.3.3.1.7
affected

20.3.3.1.5
affected

20.5.1.0.1
affected

20.3.3.1.10
affected

20.3.3.0.8
affected

20.4.2
affected

20.4.2.0.1
affected

20.3.4
affected

20.3.3.0.14
affected

19.2.4.0.8
affected

19.2.4.0.9
affected

20.3.4.0.1
affected

20.3.2.0.5
affected

20.6.1
affected

20.5.1.0.2
affected

20.3.3.0.17
affected

20.6.1.1
affected

20.6.0.18.3
affected

20.3.2.0.6
affected

20.6.0.18.4
affected

20.4.2.0.2
affected

20.3.3.0.16
affected

20.3.4.0.5
affected

20.6.1.0.1
affected

20.3.4.0.6
affected

20.6.2
affected

20.7.1EFT2
affected

20.3.4.0.9
affected

20.3.4.0.11
affected

20.4.2.0.4
affected

20.3.3.0.18
affected

20.7.1
affected

20.6.2.1
affected

20.3.4.1
affected

20.5.1.1
affected

20.4.2.1
affected

20.4.2.1.1
affected

20.3.4.1.1
affected

20.3.813
affected

20.3.4.0.19
affected

20.4.2.2.1
affected

20.5.1.2
affected

20.3.4.2
affected

20.3.814
affected

20.4.2.2
affected

20.6.2.2
affected

20.3.4.2.1
affected

20.7.1.1
affected

20.3.4.1.2
affected

20.6.2.2.2
affected

20.3.4.0.20
affected

20.6.2.2.3
affected

20.4.2.2.2
affected

20.3.5
affected

20.6.2.0.4
affected

20.4.2.2.3
affected

20.3.4.0.24
affected

20.6.2.2.7
affected

20.6.3
affected

20.3.4.2.2
affected

20.4.2.2.4
affected

20.7.1.0.2
affected

20.8.1
affected

20.3.5.0.8
affected

20.3.5.0.9
affected

20.4.2.2.8
affected

20.3.5.0.7
affected

20.6.3.0.7
affected

20.6.3.0.5
affected

20.6.3.0.10
affected

20.6.3.0.2
affected

20.7.2
affected

20.9.1EFT2
affected

20.6.3.0.11
affected

20.6.3.1
affected

20.6.3.0.14
affected

20.6.4
affected

20.9.1
affected

20.6.3.0.19
affected

20.6.3.0.18
affected

20.3.6
affected

20.9.1.1
affected

20.6.3.0.23
affected

20.6.4.0.4
affected

20.6.3.0.25
affected

20.6.5
affected

20.6.3.0.27
affected

20.9.2
affected

20.9.2.1
affected

20.6.3.0.29
affected

20.6.3.0.31
affected

20.6.3.0.32
affected

20.10.1
affected

20.6.3.0.33
affected

20.9.2.0.01
affected

20.9.1_LI_Images
affected

20.10.1_LI_Images
affected

20.9.2_LI_Images
affected

20.3.7
affected

20.9.3
affected

20.6.5.1
affected

20.11.1
affected

20.11.1_LI_Images
affected

20.9.3_LI_ Images
affected

20.6.3.1.1
affected

20.9.3.0.2
affected

20.6.5.1.2
affected

20.9.3.0.3
affected

20.4.2.3
affected

20.6.3.2
affected

20.6.4.1
affected

20.6.3.0.38
affected

20.6.3.0.39
affected

20.3.5.1
affected

20.3.4.3
affected

20.9.3.1
affected

20.3.3.2
affected

20.6.5.2
affected

20.3.7.1
affected

20.10.1.1
affected

20.6.5.2.1
affected

20.3.4.0.25
affected

20.6.2.2.4
affected

20.6.1.2
affected

20.11.1.1
affected

20.9.3.0.5
affected

20.3.4.0.26
affected

20.6.5.1.3
affected

20.6.3.0.40
affected

20.1.3.1
affected

20.9.2.2
affected

20.6.5.2.3
affected

20.6.5.1.4
affected

20.6.5.3
affected

20.6.3.0.41
affected

20.9.3.0.7
affected

20.6.5.1.5
affected

20.9.3.0.4
affected

20.6.4.0.19
affected

20.6.5.1.6
affected

20.9.3.0.8
affected

20.6.3.3
affected

20.3.7.2
affected

20.6.5.4
affected

20.6.5.1.7
affected

20.9.3.0.12
affected

20.6.4.2
affected

20.6.5.5
affected

20.9.3.2
affected

20.11.1.2
affected

20.6.3.4
affected

20.10.1.2
affected

20.6.5.1.9
affected

20.9.3.0.16
affected

20.6.3.0.45
affected

20.6.5.1.10
affected

20.9.3.0.17
affected

20.6.5.2.4
affected

20.6.4.0.21
affected

20.9.3.0.18
affected

20.6.3.0.46
affected

20.6.3.0.47
affected

20.9.2.3
affected

20.9.3.2_LI_Images
affected

20.9.3.0.21
affected

20.9.3.0.20
affected

20.9.4_LI_Images
affected

20.9.4
affected

20.6.5.1.11
affected

20.12.1
affected

20.12.1_LI_Images
affected

20.6.5.1.13
affected

20.9.3.0.23
affected

20.6.5.2.8
affected

20.9.4.1
affected

20.9.4.1_LI_Images
affected

20.9.3.0.25
affected

20.9.3.0.24
affected

20.6.5.1.14
affected

20.3.8
affected

20.6.6
affected

20.9.3.0.26
affected

20.6.3.0.51
affected

20.9.3.0.29
affected

20.12.2
affected

20.12.2_LI_Images
affected

20.6.6.0.1
affected

20.13.1_LI_Images
affected

20.9.4.0.4
affected

20.13.1
affected

20.9.4.1.1
affected

20.9.5
affected

20.9.5_LI_Images
affected

20.12.3_LI_Images
affected

20.12.3
affected

20.9.4.1.3
affected

20.6.7
affected

20.9.5.1
affected

20.9.5.1_LI_Images
affected

20.9.4.1.6
affected

20.14.1
affected

20.14.1_LI_Images
affected

20.9.5.2
affected

20.9.5.2.1
affected

20.9.5.2_LI_Images
affected

20.12.3.1
affected

20.12.4
affected

20.15.1_LI_Images
affected

20.15.1
affected

20.9.5.1.4
affected

20.9.5.2.7
affected

20.9.5.2.13
affected

20.9.6
affected

20.9.6_LI_Images
affected

20.9.5.2.14
affected

20.6.8
affected

20.12.4.0.03
affected

20.12.4_LI_Images
affected

20.9.5.2.16
affected

20.12.4.0.4
affected

20.12.401
affected

20.9.5.3
affected

20.9.5.3_LI_Images
affected

20.12.4.1_LI_Images
affected

20.12.4.1
affected

20.9.5.2.21
affected

20.9.6.0.3
affected

20.12.4.0.6
affected

References

sec.cloudapps.cisco.com/...isco-sa-vmanage-html-inj-GxVtK6zj (cisco-sa-vmanage-html-inj-GxVtK6zj)

cve.org (CVE-2025-20216)

nvd.nist.gov (CVE-2025-20216)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-20216

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.