Home

Description

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

PUBLISHED Reserved 2024-10-10 | Published 2025-11-13 | Updated 2025-11-13 | Assigner cisco




MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Problem types

URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status
unknown

1.4.0.0
affected

2.1.1.0
affected

2.1.1.3
affected

2.1.2.0
affected

2.1.2.3
affected

2.1.2.4
affected

2.1.2.5
affected

2.2.1.0
affected

2.1.2.6
affected

2.2.2.0
affected

2.2.2.1
affected

2.2.2.3
affected

2.1.2.7
affected

2.2.1.3
affected

2.2.3.0
affected

2.2.2.4
affected

2.2.2.5
affected

2.2.3.3
affected

2.2.2.7
affected

2.2.2.6
affected

2.2.2.8
affected

2.2.3.4
affected

2.1.2.8
affected

2.3.2.1
affected

2.3.2.1-AIRGAP
affected

2.3.2.1-AIRGAP-CA
affected

2.2.3.5
affected

2.3.3.0
affected

2.3.3.3
affected

2.3.3.1-AIRGAP
affected

2.3.3.1
affected

2.3.2.3
affected

2.3.3.3-AIRGAP
affected

2.2.3.6
affected

2.2.2.9
affected

2.3.3.0-AIRGAP
affected

2.3.3.3-AIRGAP-CA
affected

2.3.3.4
affected

2.3.3.4-AIRGAP
affected

2.3.3.4-AIRGAP-MDNAC
affected

2.3.3.4-HF1
affected

2.3.4.0
affected

2.3.3.5
affected

2.3.3.5-AIRGAP
affected

2.3.4.0-AIRGAP
affected

2.3.4.3
affected

2.3.4.3-AIRGAP
affected

2.3.3.6
affected

2.3.5.0
affected

2.3.3.6-AIRGAP
affected

2.3.5.0-AIRGAP
affected

2.3.3.6-AIRGAP-MDNAC
affected

2.3.5.0-AIRGAP-MDNAC
affected

2.3.3.7
affected

2.3.3.7-AIRGAP
affected

2.3.3.7-AIRGAP-MDNAC
affected

2.3.6.0
affected

2.3.3.6-70045-HF1
affected

2.3.3.7-72328-AIRGAP
affected

2.3.3.7-72323
affected

2.3.3.7-72328-MDNAC
affected

2.3.5.3
affected

2.3.5.3-AIRGAP-MDNAC
affected

2.3.5.3-AIRGAP
affected

2.3.6.0-AIRGAP
affected

2.3.7.0
affected

2.3.7.0-AIRGAP
affected

2.3.7.0-AIRGAP-MDNAC
affected

2.3.7.0-VA
affected

2.3.5.4
affected

2.3.5.4-AIRGAP
affected

2.3.5.4-AIRGAP-MDNAC
affected

2.3.7.3
affected

2.3.7.3-AIRGAP
affected

2.3.7.3-AIRGAP-MDNAC
affected

2.3.5.5-AIRGAP
affected

2.3.5.5
affected

2.3.5.5-AIRGAP-MDNAC
affected

2.3.7.4
affected

2.3.7.4-AIRGAP
affected

2.3.7.4-AIRGAP-MDNAC
affected

2.3.7.5-AIRGAP
affected

2.3.7.5-VA
affected

2.3.5.6-AIRGAP
affected

2.3.5.6
affected

2.3.5.6-AIRGAP-MDNAC
affected

1.0.0.0
affected

2.3.7.6-AIRGAP
affected

2.3.7.6
affected

2.3.7.6-VA
affected

2.3.5.5-70026-HF70
affected

2.3.5.5-70026-HF51
affected

2.3.5.6-70143-HF20
affected

2.3.7.6-AIRGAP-MDNAC
affected

2.3.5.5-70026-HF52
affected

2.3.5.5-70026-HF53
affected

2.3.5.5-70026-HF71
affected

2.3.7.7
affected

2.3.7.7-VA
affected

2.3.7.7-AIRGAP
affected

2.3.7.7-AIRGAP-MDNAC
affected

2.3.5.5-70026-HF72
affected

2.3.7.9-VA
affected

2.3.7.9
affected

2.3.7.9-AIRGAP
affected

2.3.7.9-AIRGAP-MDNAC
affected

2.3.7.9-70301-GSMU10
affected

2.3.7.9-75403-SMU10
affected

2.3.7.9-75403-GSMU10
affected

2.3.7.9.75403.10-VA
affected

References

sec.cloudapps.cisco.com/...co-sa-catc-open-redirect-3W5Bk3Je (cisco-sa-catc-open-redirect-3W5Bk3Je)

cve.org (CVE-2025-20355)

nvd.nist.gov (CVE-2025-20355)

Download JSON