Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0737
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NFVIS | NFVIS versions antérieures à 4.18.1 | ||
| Cisco | UCS | UCS Server versions antérieures à 4.15.2 sur UCS séries E | ||
| Cisco | UCS | UCS Server versions 4.3 antérieures à 4.3(5.250001) sur UCS séries C | ||
| Cisco | UCS | UCS Server versions antérieures à 4.2(3o) sur UCS séries B, C et X | ||
| Cisco | Intersight Server | Intersight Server versions 5.0 antérieures à 5.0(4i) sur UCS séries X | ||
| Cisco | Intersight Server | Intersight Server versions 5.x antérieures à 5.3(0.250001) sur UCS séries B et X | ||
| Cisco | Intersight Server | Intersight Server versions antérieures à 4.2(3l) sur UCS séries B | ||
| Cisco | UCS | UCS Server versions 4.3 antérieures à 4.3(5c) sur UCS séries B, C et X | ||
| Cisco | UCS | UCS Manager versions 4.3 antérieures à 4.3(6a) | ||
| Cisco | UCS | UCS Manager Software versions antérieures à 4.2(3p) | ||
| Cisco | commutateurs Nexus | les commutateurs Nexus séries 3000 et 9000, se référer au bulletin de sécurité de l'éditeur pour les systèmes affectés (cf. section Documentation) |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NFVIS versions ant\u00e9rieures \u00e0 4.18.1",
"product": {
"name": "NFVIS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions ant\u00e9rieures \u00e0 4.15.2 sur UCS s\u00e9ries E",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions 4.3 ant\u00e9rieures \u00e0 4.3(5.250001) sur UCS s\u00e9ries C",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions ant\u00e9rieures \u00e0 4.2(3o) sur UCS s\u00e9ries B, C et X",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server versions 5.0 ant\u00e9rieures \u00e0 5.0(4i) sur UCS s\u00e9ries X",
"product": {
"name": "Intersight Server",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server versions 5.x ant\u00e9rieures \u00e0 5.3(0.250001) sur UCS s\u00e9ries B et X",
"product": {
"name": "Intersight Server",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server versions ant\u00e9rieures \u00e0 4.2(3l) sur UCS s\u00e9ries B",
"product": {
"name": "Intersight Server",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions 4.3 ant\u00e9rieures \u00e0 4.3(5c) sur UCS s\u00e9ries B, C et X",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Manager versions 4.3 ant\u00e9rieures \u00e0 4.3(6a)",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Manager Software versions ant\u00e9rieures \u00e0 4.2(3p)",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les commutateurs Nexus s\u00e9ries 3000 et 9000, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les syst\u00e8mes affect\u00e9s (cf. section Documentation)",
"product": {
"name": "commutateurs Nexus",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20317"
},
{
"name": "CVE-2025-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20241"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2025-08-27",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
},
{
"published_at": "2025-08-27",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-n39k-isis-dos-JhJA8Rfx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfx"
}
]
}
CVE-2025-20241 (GCVE-0-2025-20241)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-27 18:18
VLAI?
EPSS
Summary
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition.
Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.
Severity ?
7.4 (High)
CWE
- CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Affected:
9.2(3)
Affected: 7.0(3)I5(2) Affected: 6.0(2)A8(7a) Affected: 7.0(3)I4(5) Affected: 7.0(3)I4(6) Affected: 7.0(3)I4(3) Affected: 9.2(2v) Affected: 7.0(3)I4(7) Affected: 7.0(3)I4(1) Affected: 7.0(3)I4(8) Affected: 7.0(3)I4(2) Affected: 6.0(2)A8(11) Affected: 9.2(1) Affected: 9.2(2t) Affected: 9.2(3y) Affected: 7.0(3)I4(1t) Affected: 7.0(3)I7(6z) Affected: 9.3(2) Affected: 7.0(3)F3(3) Affected: 7.0(3)I7(3z) Affected: 7.0(3)IM7(2) Affected: 6.0(2)A8(11b) Affected: 7.0(3)I7(5a) Affected: 7.0(3)I6(1) Affected: 7.0(3)I5(3b) Affected: 9.2(4) Affected: 6.0(2)A8(10) Affected: 6.0(2)A8(2) Affected: 7.0(3)IC4(4) Affected: 7.0(3)F3(3c) Affected: 7.0(3)F3(1) Affected: 7.0(3)F3(5) Affected: 7.0(3)I7(2) Affected: 7.0(3)I5(3) Affected: 7.0(3)I7(3) Affected: 6.0(2)A8(6) Affected: 7.0(3)I6(2) Affected: 6.0(2)A8(5) Affected: 9.3(1) Affected: 6.0(2)A8(7) Affected: 7.0(3)I7(6) Affected: 6.0(2)A8(11a) Affected: 7.0(3)I4(8z) Affected: 7.0(3)I4(9) Affected: 7.0(3)I7(4) Affected: 7.0(3)I7(7) Affected: 6.0(2)A8(9) Affected: 6.0(2)A8(1) Affected: 6.0(2)A8(10a) Affected: 7.0(3)I5(1) Affected: 9.3(1z) Affected: 9.2(2) Affected: 7.0(3)F3(4) Affected: 7.0(3)I4(8b) Affected: 6.0(2)A8(3) Affected: 7.0(3)I4(6t) Affected: 7.0(3)I5(3a) Affected: 6.0(2)A8(8) Affected: 7.0(3)I7(5) Affected: 7.0(3)F3(3a) Affected: 6.0(2)A8(4) Affected: 7.0(3)I4(8a) Affected: 7.0(3)F3(2) Affected: 7.0(3)I4(4) Affected: 7.0(3)I7(1) Affected: 7.0(3)IA7(2) Affected: 7.0(3)IA7(1) Affected: 6.0(2)A8(7b) Affected: 6.0(2)A8(4a) Affected: 9.3(3) Affected: 7.0(3)I7(8) Affected: 9.3(4) Affected: 9.3(5) Affected: 7.0(3)I7(9) Affected: 9.3(6) Affected: 10.1(2) Affected: 10.1(1) Affected: 9.3(5w) Affected: 9.3(7) Affected: 9.3(7k) Affected: 7.0(3)I7(9w) Affected: 10.2(1) Affected: 9.3(7a) Affected: 9.3(8) Affected: 7.0(3)I7(10) Affected: 10.2(1q) Affected: 10.2(2) Affected: 9.3(9) Affected: 10.1(2t) Affected: 10.2(3) Affected: 10.2(3t) Affected: 9.3(10) Affected: 10.2(2a) Affected: 10.3(1) Affected: 10.2(4) Affected: 10.3(2) Affected: 9.3(11) Affected: 10.3(3) Affected: 10.2(5) Affected: 9.3(12) Affected: 10.2(3v) Affected: 10.4(1) Affected: 10.3(99w) Affected: 10.2(6) Affected: 10.3(3w) Affected: 10.3(99x) Affected: 10.3(3o) Affected: 10.3(4) Affected: 10.3(3p) Affected: 10.3(4a) Affected: 10.4(2) Affected: 10.3(3q) Affected: 9.3(13) Affected: 10.3(5) Affected: 10.2(7) Affected: 10.4(3) Affected: 10.3(3x) Affected: 10.3(4g) Affected: 10.5(1) Affected: 10.2(8) Affected: 10.3(3r) Affected: 10.3(6) Affected: 9.3(14) Affected: 10.4(4) Affected: 10.3(4h) Affected: 10.5(2) Affected: 10.4(4g) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:18:19.522793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:18:32.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.2(3)"
},
{
"status": "affected",
"version": "7.0(3)I5(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(7a)"
},
{
"status": "affected",
"version": "7.0(3)I4(5)"
},
{
"status": "affected",
"version": "7.0(3)I4(6)"
},
{
"status": "affected",
"version": "7.0(3)I4(3)"
},
{
"status": "affected",
"version": "9.2(2v)"
},
{
"status": "affected",
"version": "7.0(3)I4(7)"
},
{
"status": "affected",
"version": "7.0(3)I4(1)"
},
{
"status": "affected",
"version": "7.0(3)I4(8)"
},
{
"status": "affected",
"version": "7.0(3)I4(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(11)"
},
{
"status": "affected",
"version": "9.2(1)"
},
{
"status": "affected",
"version": "9.2(2t)"
},
{
"status": "affected",
"version": "9.2(3y)"
},
{
"status": "affected",
"version": "7.0(3)I4(1t)"
},
{
"status": "affected",
"version": "7.0(3)I7(6z)"
},
{
"status": "affected",
"version": "9.3(2)"
},
{
"status": "affected",
"version": "7.0(3)F3(3)"
},
{
"status": "affected",
"version": "7.0(3)I7(3z)"
},
{
"status": "affected",
"version": "7.0(3)IM7(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(11b)"
},
{
"status": "affected",
"version": "7.0(3)I7(5a)"
},
{
"status": "affected",
"version": "7.0(3)I6(1)"
},
{
"status": "affected",
"version": "7.0(3)I5(3b)"
},
{
"status": "affected",
"version": "9.2(4)"
},
{
"status": "affected",
"version": "6.0(2)A8(10)"
},
{
"status": "affected",
"version": "6.0(2)A8(2)"
},
{
"status": "affected",
"version": "7.0(3)IC4(4)"
},
{
"status": "affected",
"version": "7.0(3)F3(3c)"
},
{
"status": "affected",
"version": "7.0(3)F3(1)"
},
{
"status": "affected",
"version": "7.0(3)F3(5)"
},
{
"status": "affected",
"version": "7.0(3)I7(2)"
},
{
"status": "affected",
"version": "7.0(3)I5(3)"
},
{
"status": "affected",
"version": "7.0(3)I7(3)"
},
{
"status": "affected",
"version": "6.0(2)A8(6)"
},
{
"status": "affected",
"version": "7.0(3)I6(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(5)"
},
{
"status": "affected",
"version": "9.3(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(7)"
},
{
"status": "affected",
"version": "7.0(3)I7(6)"
},
{
"status": "affected",
"version": "6.0(2)A8(11a)"
},
{
"status": "affected",
"version": "7.0(3)I4(8z)"
},
{
"status": "affected",
"version": "7.0(3)I4(9)"
},
{
"status": "affected",
"version": "7.0(3)I7(4)"
},
{
"status": "affected",
"version": "7.0(3)I7(7)"
},
{
"status": "affected",
"version": "6.0(2)A8(9)"
},
{
"status": "affected",
"version": "6.0(2)A8(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(10a)"
},
{
"status": "affected",
"version": "7.0(3)I5(1)"
},
{
"status": "affected",
"version": "9.3(1z)"
},
{
"status": "affected",
"version": "9.2(2)"
},
{
"status": "affected",
"version": "7.0(3)F3(4)"
},
{
"status": "affected",
"version": "7.0(3)I4(8b)"
},
{
"status": "affected",
"version": "6.0(2)A8(3)"
},
{
"status": "affected",
"version": "7.0(3)I4(6t)"
},
{
"status": "affected",
"version": "7.0(3)I5(3a)"
},
{
"status": "affected",
"version": "6.0(2)A8(8)"
},
{
"status": "affected",
"version": "7.0(3)I7(5)"
},
{
"status": "affected",
"version": "7.0(3)F3(3a)"
},
{
"status": "affected",
"version": "6.0(2)A8(4)"
},
{
"status": "affected",
"version": "7.0(3)I4(8a)"
},
{
"status": "affected",
"version": "7.0(3)F3(2)"
},
{
"status": "affected",
"version": "7.0(3)I4(4)"
},
{
"status": "affected",
"version": "7.0(3)I7(1)"
},
{
"status": "affected",
"version": "7.0(3)IA7(2)"
},
{
"status": "affected",
"version": "7.0(3)IA7(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(7b)"
},
{
"status": "affected",
"version": "6.0(2)A8(4a)"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "7.0(3)I7(8)"
},
{
"status": "affected",
"version": "9.3(4)"
},
{
"status": "affected",
"version": "9.3(5)"
},
{
"status": "affected",
"version": "7.0(3)I7(9)"
},
{
"status": "affected",
"version": "9.3(6)"
},
{
"status": "affected",
"version": "10.1(2)"
},
{
"status": "affected",
"version": "10.1(1)"
},
{
"status": "affected",
"version": "9.3(5w)"
},
{
"status": "affected",
"version": "9.3(7)"
},
{
"status": "affected",
"version": "9.3(7k)"
},
{
"status": "affected",
"version": "7.0(3)I7(9w)"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "9.3(7a)"
},
{
"status": "affected",
"version": "9.3(8)"
},
{
"status": "affected",
"version": "7.0(3)I7(10)"
},
{
"status": "affected",
"version": "10.2(1q)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "9.3(9)"
},
{
"status": "affected",
"version": "10.1(2t)"
},
{
"status": "affected",
"version": "10.2(3)"
},
{
"status": "affected",
"version": "10.2(3t)"
},
{
"status": "affected",
"version": "9.3(10)"
},
{
"status": "affected",
"version": "10.2(2a)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.2(4)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "9.3(11)"
},
{
"status": "affected",
"version": "10.3(3)"
},
{
"status": "affected",
"version": "10.2(5)"
},
{
"status": "affected",
"version": "9.3(12)"
},
{
"status": "affected",
"version": "10.2(3v)"
},
{
"status": "affected",
"version": "10.4(1)"
},
{
"status": "affected",
"version": "10.3(99w)"
},
{
"status": "affected",
"version": "10.2(6)"
},
{
"status": "affected",
"version": "10.3(3w)"
},
{
"status": "affected",
"version": "10.3(99x)"
},
{
"status": "affected",
"version": "10.3(3o)"
},
{
"status": "affected",
"version": "10.3(4)"
},
{
"status": "affected",
"version": "10.3(3p)"
},
{
"status": "affected",
"version": "10.3(4a)"
},
{
"status": "affected",
"version": "10.4(2)"
},
{
"status": "affected",
"version": "10.3(3q)"
},
{
"status": "affected",
"version": "9.3(13)"
},
{
"status": "affected",
"version": "10.3(5)"
},
{
"status": "affected",
"version": "10.2(7)"
},
{
"status": "affected",
"version": "10.4(3)"
},
{
"status": "affected",
"version": "10.3(3x)"
},
{
"status": "affected",
"version": "10.3(4g)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.2(8)"
},
{
"status": "affected",
"version": "10.3(3r)"
},
{
"status": "affected",
"version": "10.3(6)"
},
{
"status": "affected",
"version": "9.3(14)"
},
{
"status": "affected",
"version": "10.4(4)"
},
{
"status": "affected",
"version": "10.3(4h)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.4(4g)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r\nThis vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition.\r\nNote: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-733",
"description": "Compiler Optimization Removal or Modification of Security-critical Code",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:55.242Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-n39k-isis-dos-JhJA8Rfx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfx"
}
],
"source": {
"advisory": "cisco-sa-n39k-isis-dos-JhJA8Rfx",
"defects": [
"CSCwn49153"
],
"discovery": "INTERNAL"
},
"title": "Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol \u003cTBD\u003e Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20241",
"datePublished": "2025-08-27T16:23:55.242Z",
"dateReserved": "2024-10-10T19:15:13.238Z",
"dateUpdated": "2025-08-27T18:18:32.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20317 (GCVE-0-2025-20317)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-27 18:52
VLAI?
EPSS
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.
This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Severity ?
7.1 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:51:46.552039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:52:07.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.\r\n\r\nThis vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
}
],
"source": {
"advisory": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"defects": [
"CSCwm57436"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20317",
"datePublished": "2025-08-27T16:23:18.607Z",
"dateReserved": "2024-10-10T19:15:13.253Z",
"dateUpdated": "2025-08-27T18:52:07.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…