CVE-2025-20327 | THREATINT

Description

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

PUBLISHED Reserved 2024-10-10 | Published 2025-09-24 | Updated 2025-09-24 | Assigner cisco

HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Problem types

Improper Validation of Specified Type of Input

Product status

15.2(6)E2

affected

15.2(7)E

affected

15.2(6)E2a

affected

15.2(6)E2b

affected

15.2(7)E1

affected

15.2(7)E0a

affected

15.2(7)E0b

affected

15.2(7)E0s

affected

15.2(6)E3

affected

15.2(7)E2

affected

15.2(7a)E0b

affected

15.2(7)E3

affected

15.2(7)E1a

affected

15.2(7b)E0b

affected

15.2(7)E2a

affected

15.2(7)E4

affected

15.2(7)E3k

affected

15.2(8)E

affected

15.2(8)E1

affected

15.2(7)E5

affected

15.2(7)E6

affected

15.2(8)E2

affected

15.2(7)E7

affected

15.2(8)E3

affected

15.2(7)E8

affected

15.2(8)E4

affected

15.2(7)E9

affected

15.2(8)E5

affected

15.2(7)E10

affected

References

sec.cloudapps.cisco.com/...o-sa-ios-invalid-url-dos-Nvxszf6u (cisco-sa-ios-invalid-url-dos-Nvxszf6u)

cve.org (CVE-2025-20327)

nvd.nist.gov (CVE-2025-20327)

Download JSON