CVE-2025-20338 | THREATINT

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.

PUBLISHED Reserved 2024-10-10 | Published 2025-09-24 | Updated 2025-09-25 | Assigner cisco

MEDIUM: 6.0CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

Improper Neutralization of Parameter/Argument Delimiters

Product status

3.5.0E

affected

3.5.1E

affected

3.5.2E

affected

3.5.3E

affected

3.11.1S

affected

3.11.2S

affected

3.11.0S

affected

3.11.3S

affected

3.11.4S

affected

3.12.0S

affected

3.12.1S

affected

3.12.2S

affected

3.12.3S

affected

3.12.0aS

affected

3.12.4S

affected

3.13.0S

affected

3.13.1S

affected

3.13.2S

affected

3.13.3S

affected

3.13.4S

affected

3.13.5S

affected

3.13.2aS

affected

3.13.0aS

affected

3.13.5aS

affected

3.13.6S

affected

3.13.7S

affected

3.13.6aS

affected

3.13.7aS

affected

3.13.8S

affected

3.13.9S

affected

3.13.10S

affected

3.6.0E

affected

3.6.1E

affected

3.6.2aE

affected

3.6.2E

affected

3.6.3E

affected

3.6.4E

affected

3.6.5E

affected

3.6.6E

affected

3.6.5aE

affected

3.6.7E

affected

3.6.8E

affected

3.6.7bE

affected

3.6.9E

affected

3.6.10E

affected

3.14.0S

affected

3.14.1S

affected

3.14.2S

affected

3.14.3S

affected

3.14.4S

affected

3.15.0S

affected

3.15.1S

affected

3.15.2S

affected

3.15.1cS

affected

3.15.3S

affected

3.15.4S

affected

3.7.0E

affected

3.7.1E

affected

3.7.2E

affected

3.7.3E

affected

3.7.4E

affected

3.7.5E

affected

3.5.0SQ

affected

3.5.1SQ

affected

3.5.2SQ

affected

3.5.3SQ

affected

3.5.4SQ

affected

3.5.5SQ

affected

3.5.6SQ

affected

3.5.7SQ

affected

3.5.8SQ

affected

3.16.0S

affected

3.16.1S

affected

3.16.1aS

affected

3.16.2S

affected

3.16.2aS

affected

3.16.0cS

affected

3.16.3S

affected

3.16.2bS

affected

3.16.3aS

affected

3.16.4S

affected

3.16.4aS

affected

3.16.4bS

affected

3.16.5S

affected

3.16.4dS

affected

3.16.6S

affected

3.16.7S

affected

3.16.6bS

affected

3.16.7aS

affected

3.16.7bS

affected

3.16.8S

affected

3.16.9S

affected

3.16.10S

affected

3.17.0S

affected

3.17.1S

affected

3.17.2S

affected

3.17.1aS

affected

3.17.3S

affected

3.17.4S

affected

3.8.0E

affected

3.8.1E

affected

3.8.2E

affected

3.8.3E

affected

3.8.4E

affected

3.8.5E

affected

3.8.5aE

affected

3.8.6E

affected

3.8.7E

affected

3.8.8E

affected

3.8.9E

affected

3.8.10E

affected

3.8.10eE

affected

3.18.0aS

affected

3.18.0S

affected

3.18.1S

affected

3.18.2S

affected

3.18.3S

affected

3.18.4S

affected

3.18.0SP

affected

3.18.1SP

affected

3.18.1aSP

affected

3.18.1bSP

affected

3.18.1cSP

affected

3.18.2SP

affected

3.18.2aSP

affected

3.18.3SP

affected

3.18.4SP

affected

3.18.3aSP

affected

3.18.3bSP

affected

3.18.5SP

affected

3.18.6SP

affected

3.18.7SP

affected

3.18.8aSP

affected

3.18.9SP

affected

3.9.0E

affected

3.9.1E

affected

3.9.2E

affected

16.6.1

affected

16.6.2

affected

16.6.3

affected

16.6.4

affected

16.6.5

affected

16.6.4a

affected

16.6.5a

affected

16.6.6

affected

16.6.7

affected

16.6.8

affected

16.6.9

affected

16.6.10

affected

16.7.1

affected

16.7.1a

affected

16.7.1b

affected

16.7.2

affected

16.7.3

affected

16.7.4

affected

16.8.1

affected

16.8.1a

affected

16.8.1b

affected

16.8.1s

affected

16.8.1c

affected

16.8.1d

affected

16.8.2

affected

16.8.1e

affected

16.8.3

affected

16.9.1

affected

16.9.2

affected

16.9.1a

affected

16.9.1b

affected

16.9.1s

affected

16.9.3

affected

16.9.4

affected

16.9.3a

affected

16.9.5

affected

16.9.5f

affected

16.9.6

affected

16.9.7

affected

16.9.8

affected

16.10.1

affected

16.10.1a

affected

16.10.1b

affected

16.10.1s

affected

16.10.1c

affected

16.10.1e

affected

16.10.1d

affected

16.10.2

affected

16.10.1f

affected

16.10.1g

affected

16.10.3

affected

3.10.0E

affected

3.10.1E

affected

3.10.0cE

affected

3.10.2E

affected

3.10.3E

affected

16.11.1

affected

16.11.1a

affected

16.11.1b

affected

16.11.2

affected

16.11.1s

affected

16.12.1

affected

16.12.1s

affected

16.12.1a

affected

16.12.1c

affected

16.12.1w

affected

16.12.2

affected

16.12.1y

affected

16.12.2a

affected

16.12.3

affected

16.12.8

affected

16.12.2s

affected

16.12.1x

affected

16.12.1t

affected

16.12.4

affected

16.12.3s

affected

16.12.3a

affected

16.12.4a

affected

16.12.5

affected

16.12.6

affected

16.12.1z1

affected

16.12.5a

affected

16.12.5b

affected

16.12.1z2

affected

16.12.6a

affected

16.12.7

affected

16.12.9

affected

16.12.10

affected

16.12.10a

affected

16.12.11

affected

16.12.12

affected

16.12.13

affected

3.11.0E

affected

3.11.1E

affected

3.11.2E

affected

3.11.3E

affected

3.11.1aE

affected

3.11.4E

affected

3.11.3aE

affected

3.11.5E

affected

3.11.6E

affected

3.11.7E

affected

3.11.8E

affected

3.11.9E

affected

3.11.10E

affected

3.11.11E

affected

3.11.12E

affected

17.1.1

affected

17.1.1a

affected

17.1.1s

affected

17.1.1t

affected

17.1.3

affected

17.2.1

affected

17.2.1r

affected

17.2.1a

affected

17.2.1v

affected

17.2.2

affected

17.2.3

affected

17.3.1

affected

17.3.2

affected

17.3.3

affected

17.3.1a

affected

17.3.1w

affected

17.3.2a

affected

17.3.1x

affected

17.3.1z

affected

17.3.4

affected

17.3.5

affected

17.3.4a

affected

17.3.6

affected

17.3.4b

affected

17.3.4c

affected

17.3.5a

affected

17.3.5b

affected

17.3.7

affected

17.3.8

affected

17.3.8a

affected

17.4.1

affected

17.4.2

affected

17.4.1a

affected

17.4.1b

affected

17.4.2a

affected

17.5.1

affected

17.5.1a

affected

17.6.1

affected

17.6.2

affected

17.6.1w

affected

17.6.1a

affected

17.6.1x

affected

17.6.3

affected

17.6.1y

affected

17.6.1z

affected

17.6.3a

affected

17.6.4

affected

17.6.1z1

affected

17.6.5

affected

17.6.6

affected

17.6.6a

affected

17.6.5a

affected

17.6.7

affected

17.6.8

affected

17.6.8a

affected

17.7.1

affected

17.7.1a

affected

17.7.1b

affected

17.7.2

affected

17.10.1

affected

17.10.1a

affected

17.10.1b

affected

17.8.1

affected

17.8.1a

affected

17.9.1

affected

17.9.1w

affected

17.9.2

affected

17.9.1a

affected

17.9.1x

affected

17.9.1y

affected

17.9.3

affected

17.9.2a

affected

17.9.1x1

affected

17.9.3a

affected

17.9.4

affected

17.9.1y1

affected

17.9.5

affected

17.9.4a

affected

17.9.5a

affected

17.9.5b

affected

17.9.6

affected

17.9.6a

affected

17.9.7

affected

17.9.5e

affected

17.9.5f

affected

17.9.7a

affected

17.9.7b

affected

17.11.1

affected

17.11.1a

affected

17.12.1

affected

17.12.1w

affected

17.12.1a

affected

17.12.1x

affected

17.12.2

affected

17.12.3

affected

17.12.2a

affected

17.12.1y

affected

17.12.1z

affected

17.12.4

affected

17.12.3a

affected

17.12.1z1

affected

17.12.1z2

affected

17.12.4a

affected

17.12.5

affected

17.12.4b

affected

17.12.1z3

affected

17.12.5a

affected

17.12.1z4

affected

17.12.5b

affected

17.12.5c

affected

17.13.1

affected

17.13.1a

affected

17.14.1

affected

17.14.1a

affected

17.15.1

affected

17.15.1w

affected

17.15.1a

affected

17.15.2

affected

17.15.1b

affected

17.15.1x

affected

17.15.1z

affected

17.15.3

affected

17.15.2c

affected

17.15.2a

affected

17.15.1y

affected

17.15.2b

affected

17.15.3a

affected

17.15.3b

affected

17.16.1

affected

17.16.1a

affected

References

sec.cloudapps.cisco.com/...isco-sa-iosxe-arg-inject-EyDDbh4e (cisco-sa-iosxe-arg-inject-EyDDbh4e)

cve.org (CVE-2025-20338)

nvd.nist.gov (CVE-2025-20338)

Download JSON