cvelistv5 - cve-2025-20190

CVE-2025-20190 (GCVE-0-2025-20190)

Vulnerability from cvelistv5 – Published: 2025-05-07 17:34 – Updated: 2025-05-07 19:45

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-284 - Improper Access Control

Assigner

cisco

References

URL

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software	Affected: 17.6.8 Affected: 17.9.6 Affected: 17.9.6a Affected: 17.12.1z2 Affected: 17.12.1z3 Affected: 17.15.1 Affected: 17.15.1x

WID-SEC-W-2025-0971

Vulnerability from csaf_certbund - Published: 2025-05-07 22:00 - Updated: 2025-06-01 22:00

Summary

Cisco IOS XE Wireless Controller: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das für Cisco Geräte wie z. B. Router und Switches eingesetzt wird. Catalyst ist der Markenname für eine Vielzahl von Netzwerk-Switches die von Cisco Systems verkauft werden.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Cisco IOS XE Wireless Controllern ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebige Nutzerkonten zu löschen oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme

- CISCO Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das f\u00fcr Cisco Ger\u00e4te wie z. B. Router und Switches eingesetzt wird.\r\nCatalyst ist der Markenname f\u00fcr eine Vielzahl von Netzwerk-Switches die von Cisco Systems verkauft werden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Cisco IOS XE Wireless Controllern ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebige Nutzerkonten zu l\u00f6schen oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- CISCO Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0971 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0971.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0971 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0971"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-wlc-file-uplpd-rHZG9UfC vom 2025-05-07",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-ewlc-user-del-hQxMpUDj vom 2025-05-07",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-ewlc-cdp-dos-fpeks9K vom 2025-05-07",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K"
      },
      {
        "category": "external",
        "summary": "Horizon3 Schwachstellenanalyse vom 2025-06-01",
        "url": "https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco IOS XE Wireless Controller: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-01T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-02T06:16:34.329+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0971",
      "initial_release_date": "2025-05-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "PoC aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9800",
                "product": {
                  "name": "Cisco Catalyst 9800",
                  "product_id": "T014155",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:9800"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Catalyst"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wireless Controller Software",
                "product": {
                  "name": "Cisco IOS XE wireless Controller Software",
                  "product_id": "T022668",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:cisco:ios_xe:wireless_controller_software"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "IOS XE"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20188",
      "product_status": {
        "known_affected": [
          "T022668",
          "T014155"
        ]
      },
      "release_date": "2025-05-07T22:00:00.000+00:00",
      "title": "CVE-2025-20188"
    },
    {
      "cve": "CVE-2025-20190",
      "product_status": {
        "known_affected": [
          "T022668",
          "T014155"
        ]
      },
      "release_date": "2025-05-07T22:00:00.000+00:00",
      "title": "CVE-2025-20190"
    },
    {
      "cve": "CVE-2025-20202",
      "product_status": {
        "known_affected": [
          "T022668",
          "T014155"
        ]
      },
      "release_date": "2025-05-07T22:00:00.000+00:00",
      "title": "CVE-2025-20202"
    }
  ]
}

FKIE_CVE-2025-20190

Vulnerability from fkie_nvd - Published: 2025-05-07 18:15 - Updated: 2025-07-31 15:48

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xe	17.6.8
cisco	ios_xe	17.9.6
cisco	ios_xe	17.9.6a
cisco	ios_xe	17.12.1z2
cisco	ios_xe	17.12.1z3
cisco	ios_xe	17.15.1
cisco	ios_xe	17.15.1x
cisco	catalyst_9800-cl_wireless_controllers_for_cloud	*
cisco	catalyst_9105axi	-
cisco	catalyst_9115axe	-
cisco	catalyst_9115axi	-
cisco	catalyst_9117axi	-
cisco	catalyst_9120axe	-
cisco	catalyst_9120axi	-
cisco	catalyst_9120axp	-
cisco	catalyst_9130axe	-
cisco	catalyst_9130axi	-
cisco	catalyst_9800-40	-
cisco	catalyst_9800-80	-
cisco	catalyst_9800-l	-
cisco	catalyst_cw9800h1	-
cisco	catalyst_cw9800h2	-
cisco	catalyst_cw9800m	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2258D93E-71AA-4964-A5DF-008E3479F2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDBE176-04ED-48F0-BA9F-45BECFEDBE2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E52AA0-0A77-47DF-9600-7D5B8A6D09B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.1z2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E147E53-B047-429F-9E3B-04FB5F777B85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.1z3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0656EA0A-3BB6-49AD-A6BB-922C2BC5B075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0174C08C-8846-45AE-83ED-E9964348FA28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.1x:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F9C74B-113E-4808-B979-7738E3A52B00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_9800-cl_wireless_controllers_for_cloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66A48B9-2888-4D8B-A194-B67ED54990DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F93DF4-67DB-4B30-AC22-60C67DF32DB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4C56A6-E843-498A-A17B-D3D1B01E70E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F050F416-44C3-474C-9002-321A33F288D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A699C5C-CD03-4263-952F-5074B470F20E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D41CFE-784B-40EE-9431-8097428E5892",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D148A27-85B6-4883-96B5-343C8D32F23B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "735CA950-672C-4787-8910-48AD07868FDE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC1F736-6240-4FA2-9FEC-D8798C9D287C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E5354-07EA-4639-AB4B-20D2B9DE784C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_cw9800h1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4AA835E-2757-485B-8CE7-3D5BFD97C5D0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_cw9800h2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4D63B25-1CA7-44D4-AD74-99CB4A2DA647",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_cw9800m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E915BC3D-8837-4FDA-B5D3-F465DB66D1C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device.\r\n\r This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges.\r\n\r Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz web de embajador de lobby del software del controlador inal\u00e1mbrico Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado elimine usuarios arbitrarios definidos en un dispositivo afectado. Esta vulnerabilidad se debe a un control de acceso insuficiente para las acciones ejecutadas por los usuarios de embajador de lobby. Un atacante podr\u00eda explotar esta vulnerabilidad iniciando sesi\u00f3n en un dispositivo afectado con una cuenta de usuario de embajador de lobby y enviando solicitudes HTTP manipuladas a la API. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante eliminar cuentas de usuario arbitrarias en el dispositivo, incluyendo usuarios con privilegios administrativos. Nota: Esta vulnerabilidad solo es explotable si el atacante obtiene las credenciales de una cuenta de embajador de lobby. Esta cuenta no est\u00e1 configurada por defecto."
    }
  ],
  "id": "CVE-2025-20190",
  "lastModified": "2025-07-31T15:48:08.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-07T18:15:38.963",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

GHSA-Q4XX-MXW3-33FM

Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30

Details

This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges.

Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T18:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device.\n\n This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges.\n\n Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.",
  "id": "GHSA-q4xx-mxw3-33fm",
  "modified": "2025-05-07T18:30:49Z",
  "published": "2025-05-07T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20190"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2025-0146

Vulnerability from csaf_ncscnl - Published: 2025-05-08 08:43 - Updated: 2025-05-08 08:43

Summary

Kwetsbaarheden verholpen in Cisco IOS XE Software

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Cisco heeft kwetsbaarheden verholpen in Cisco IOS XE Software.

Interpretaties

De kwetsbaarheden in Cisco IOS XE Software omvatten verschillende problemen, waaronder onvoldoende invoervalidatie en onjuist geheugenbeheer. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde aanvallers om Denial-of-Service (DoS) situaties te veroorzaken, ongeautoriseerde toegang te verkrijgen, en zelfs om configuraties te manipuleren. Kwetsbare systemen kunnen onverwacht opnieuw opstarten of kunnen worden blootgesteld aan ongeautoriseerde commando-injectie-aanvallen, wat de integriteit en beschikbaarheid van netwerken in gevaar kan brengen.

Oplossingen

Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-762

Mismatched Memory Management Routines

CWE-805

Buffer Access with Incorrect Length Value

CWE-347

Improper Verification of Cryptographic Signature

CWE-232

Improper Handling of Undefined Values

CWE-798

Use of Hard-coded Credentials

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-284

Improper Access Control

CWE-400

Uncontrolled Resource Consumption

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-787

Out-of-bounds Write

CWE-789

Memory Allocation with Excessive Size Value

CWE-20

Improper Input Validation

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Cisco heeft kwetsbaarheden verholpen in Cisco IOS XE Software.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in Cisco IOS XE Software omvatten verschillende problemen, waaronder onvoldoende invoervalidatie en onjuist geheugenbeheer. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde aanvallers om Denial-of-Service (DoS) situaties te veroorzaken, ongeautoriseerde toegang te verkrijgen, en zelfs om configuraties te manipuleren. Kwetsbare systemen kunnen onverwacht opnieuw opstarten of kunnen worden blootgesteld aan ongeautoriseerde commando-injectie-aanvallen, wat de integriteit en beschikbaarheid van netwerken in gevaar kan brengen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Mismatched Memory Management Routines",
        "title": "CWE-762"
      },
      {
        "category": "general",
        "text": "Buffer Access with Incorrect Length Value",
        "title": "CWE-805"
      },
      {
        "category": "general",
        "text": "Improper Verification of Cryptographic Signature",
        "title": "CWE-347"
      },
      {
        "category": "general",
        "text": "Improper Handling of Undefined Values",
        "title": "CWE-232"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Credentials",
        "title": "CWE-798"
      },
      {
        "category": "general",
        "text": "Cross-Site Request Forgery (CSRF)",
        "title": "CWE-352"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Cisco IOS XE Software",
    "tracking": {
      "current_release_date": "2025-05-08T08:43:57.415709Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0146",
      "initial_release_date": "2025-05-08T08:43:57.415709Z",
      "revision_history": [
        {
          "date": "2025-05-08T08:43:57.415709Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.1.3",
                "product": {
                  "name": "vers:cisco/16.1.3",
                  "product_id": "CSAFPID-2714930"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.10.3",
                "product": {
                  "name": "vers:cisco/16.10.3",
                  "product_id": "CSAFPID-2715313"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.11.2",
                "product": {
                  "name": "vers:cisco/16.11.2",
                  "product_id": "CSAFPID-2715043"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.12.9",
                "product": {
                  "name": "vers:cisco/16.12.9",
                  "product_id": "CSAFPID-2715520"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.10bs",
                "product": {
                  "name": "vers:cisco/3.16.10bs",
                  "product_id": "CSAFPID-2715459"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.10s",
                "product": {
                  "name": "vers:cisco/3.16.10s",
                  "product_id": "CSAFPID-2715039"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.2.2",
                "product": {
                  "name": "vers:cisco/16.2.2",
                  "product_id": "CSAFPID-2714932"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.3.11",
                "product": {
                  "name": "vers:cisco/16.3.11",
                  "product_id": "CSAFPID-2715445"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.4.3",
                "product": {
                  "name": "vers:cisco/16.4.3",
                  "product_id": "CSAFPID-2715031"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.5.3",
                "product": {
                  "name": "vers:cisco/16.5.3",
                  "product_id": "CSAFPID-2715164"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.6.10",
                "product": {
                  "name": "vers:cisco/16.6.10",
                  "product_id": "CSAFPID-2715478"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.7bs",
                "product": {
                  "name": "vers:cisco/3.16.7bs",
                  "product_id": "CSAFPID-2715170"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.7s",
                "product": {
                  "name": "vers:cisco/3.16.7s",
                  "product_id": "CSAFPID-2715017"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.8.3",
                "product": {
                  "name": "vers:cisco/16.8.3",
                  "product_id": "CSAFPID-2714865"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.9s",
                "product": {
                  "name": "vers:cisco/3.16.9s",
                  "product_id": "CSAFPID-2714842"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.10.9s",
                "product": {
                  "name": "vers:cisco/3.10.9s",
                  "product_id": "CSAFPID-2714989"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.11.9e",
                "product": {
                  "name": "vers:cisco/3.11.9e",
                  "product_id": "CSAFPID-2715536"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.12.4s",
                "product": {
                  "name": "vers:cisco/3.12.4s",
                  "product_id": "CSAFPID-2714784"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.13.9s",
                "product": {
                  "name": "vers:cisco/3.13.9s",
                  "product_id": "CSAFPID-2715032"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.14.4s",
                "product": {
                  "name": "vers:cisco/3.14.4s",
                  "product_id": "CSAFPID-2714746"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.15.4s",
                "product": {
                  "name": "vers:cisco/3.15.4s",
                  "product_id": "CSAFPID-2714941"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.2as",
                "product": {
                  "name": "vers:cisco/3.16.2as",
                  "product_id": "CSAFPID-2714791"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.2bs",
                "product": {
                  "name": "vers:cisco/3.16.2bs",
                  "product_id": "CSAFPID-2714942"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.2s",
                "product": {
                  "name": "vers:cisco/3.16.2s",
                  "product_id": "CSAFPID-2714788"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.3as",
                "product": {
                  "name": "vers:cisco/3.16.3as",
                  "product_id": "CSAFPID-2714943"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.3s",
                "product": {
                  "name": "vers:cisco/3.16.3s",
                  "product_id": "CSAFPID-2714798"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4s",
                "product": {
                  "name": "vers:cisco/3.16.4s",
                  "product_id": "CSAFPID-2714944"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4gs",
                "product": {
                  "name": "vers:cisco/3.16.4gs",
                  "product_id": "CSAFPID-2714974"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4es",
                "product": {
                  "name": "vers:cisco/3.16.4es",
                  "product_id": "CSAFPID-2714985"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4ds",
                "product": {
                  "name": "vers:cisco/3.16.4ds",
                  "product_id": "CSAFPID-2714983"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4cs",
                "product": {
                  "name": "vers:cisco/3.16.4cs",
                  "product_id": "CSAFPID-2714978"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4bs",
                "product": {
                  "name": "vers:cisco/3.16.4bs",
                  "product_id": "CSAFPID-2714971"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4as",
                "product": {
                  "name": "vers:cisco/3.16.4as",
                  "product_id": "CSAFPID-2714967"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.5as",
                "product": {
                  "name": "vers:cisco/3.16.5as",
                  "product_id": "CSAFPID-2714992"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.5bs",
                "product": {
                  "name": "vers:cisco/3.16.5bs",
                  "product_id": "CSAFPID-2714996"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.5s",
                "product": {
                  "name": "vers:cisco/3.16.5s",
                  "product_id": "CSAFPID-2714975"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.6bs",
                "product": {
                  "name": "vers:cisco/3.16.6bs",
                  "product_id": "CSAFPID-2715025"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.6s",
                "product": {
                  "name": "vers:cisco/3.16.6s",
                  "product_id": "CSAFPID-2714987"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.7as",
                "product": {
                  "name": "vers:cisco/3.16.7as",
                  "product_id": "CSAFPID-2715168"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.8s",
                "product": {
                  "name": "vers:cisco/3.16.8s",
                  "product_id": "CSAFPID-2715178"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.1as",
                "product": {
                  "name": "vers:cisco/3.16.1as",
                  "product_id": "CSAFPID-2714787"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.1s",
                "product": {
                  "name": "vers:cisco/3.16.1s",
                  "product_id": "CSAFPID-2714773"
                }
              }
            ],
            "category": "product_name",
            "name": "Cisco IOS XE Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20137",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20137",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20137.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20137"
    },
    {
      "cve": "CVE-2025-20140",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20140",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20140.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20140"
    },
    {
      "cve": "CVE-2025-20154",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20154",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20154.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20154"
    },
    {
      "cve": "CVE-2025-20162",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20162",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20162.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20162"
    },
    {
      "cve": "CVE-2025-20181",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Cryptographic Signature",
          "title": "CWE-347"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20181",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20181.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20181"
    },
    {
      "cve": "CVE-2025-20182",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20182"
    },
    {
      "cve": "CVE-2025-20186",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20186",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20186.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20186"
    },
    {
      "cve": "CVE-2025-20188",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Credentials",
          "title": "CWE-798"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20188",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20188.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20188"
    },
    {
      "cve": "CVE-2025-20189",
      "cwe": {
        "id": "CWE-762",
        "name": "Mismatched Memory Management Routines"
      },
      "notes": [
        {
          "category": "other",
          "text": "Mismatched Memory Management Routines",
          "title": "CWE-762"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20189",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20189.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20189"
    },
    {
      "cve": "CVE-2025-20190",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20190",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20190.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20190"
    },
    {
      "cve": "CVE-2025-20192",
      "cwe": {
        "id": "CWE-232",
        "name": "Improper Handling of Undefined Values"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Undefined Values",
          "title": "CWE-232"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20192",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20192.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20192"
    },
    {
      "cve": "CVE-2025-20194",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "other",
          "text": "Cross-Site Request Forgery (CSRF)",
          "title": "CWE-352"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20194",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20194.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20194"
    },
    {
      "cve": "CVE-2025-20202",
      "cwe": {
        "id": "CWE-805",
        "name": "Buffer Access with Incorrect Length Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Access with Incorrect Length Value",
          "title": "CWE-805"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20202",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20202.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20202"
    }
  ]
}

CISCO-SA-EWLC-USER-DEL-HQXMPUDJ

Vulnerability from csaf_cisco - Published: 2025-05-07 16:00 - Updated: 2025-05-07 16:00

Summary

Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability

Notes

Summary

A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279"].

Vulnerable Products

At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco IOS XE Wireless Controller Software and had lobby ambassador user accounts enabled: Catalyst 9800-CL Wireless Controllers for Cloud Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches Catalyst 9800 Series Wireless Controllers Embedded Wireless Controllers on Catalyst Access Points For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software ["#fs"] section of this advisory. Determine the Device Configuration To determine whether a lobby ambassador account and the HTTP server feature are configured on a device, use the following instructions. Determine the Lobby Ambassador Account Configuration To determine how many lobby ambassador accounts are configured on a device, log in to the device and run the show running-config | count type lobby-admin CLI command. The following example shows the CLI output on a device with one lobby ambassador account configured: Router#show running-config | count type lobby-admin Number of lines which match regexp = 1 The number at the end of the line indicates how many lobby ambassador accounts are configured on the device. Note: The lobby ambassador role can be associated with a user account that is using RADIUS or TACACS+. Customers who are using an authentication, authorization, and accounting (AAA) server such as Cisco Identity Services Engine (ISE) to manage user accounts that are accessing their device should check for the presence of users that have the cisco-av-pair=lobby-admin attribute set. For an example of how to configure a lobby ambassador account on Cisco ISE, see Configure 9800 WLC Lobby Ambassador with RADIUS and TACACS+ Authentication ["https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215552-9800-wlc-lobby-ambassador-with-radius-an.html"]. Determine the HTTP Server Configuration To determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present, the HTTP Server feature is enabled for the device. The following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled: Router# show running-config | include ip http server|secure|active ip http server ip http secure-server Note: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled. If the ip http server command is present and the configuration also contains ip http active-session-modules none, the vulnerability is not exploitable over HTTP. If the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, the vulnerability is not exploitable over HTTPS. Cisco IOS XE Wireless Controller Software is affected by this vulnerability only if the device is configured with a lobby ambassador account. This is not a default configuration and must be added by an administrator.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: IOS Software IOS XR Software Meraki products NX-OS Software Wireless LAN Controller (WLC) AireOS Software

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Cisco IOS and IOS XE Software To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"]. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (“Combined First Fixed”). To use the tool, go to the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] page and follow the instructions. Alternatively, use the following form to determine whether a release is affected by any Cisco Security Advisory. To use the form, follow these steps: Choose which advisories the tool will search—only this advisory, only advisories with a Critical or High Security Impact Rating (SIR) ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"], or all advisories. Enter a release number—for example, 15.9(3)M2 or 17.3.3. Click Check. Only this advisory All Critical and High advisories All advisories

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was found during internal security testing.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was found during internal security testing."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device.\r\n\r\nThis vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges.\r\n\r\nNote: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n\r\n\r\nThis advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279\"].",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco IOS XE Wireless Controller Software and had lobby ambassador user accounts enabled:\r\n\r\nCatalyst 9800-CL Wireless Controllers for Cloud\r\nCatalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches\r\nCatalyst 9800 Series Wireless Controllers\r\nEmbedded Wireless Controllers on Catalyst Access Points\r\n\r\nFor information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software [\"#fs\"] section of this advisory.\r\n  Determine the Device Configuration\r\nTo determine whether a lobby ambassador account and the HTTP server feature are configured on a device, use the following instructions.\r\n  Determine the Lobby Ambassador Account Configuration\r\nTo determine how many lobby ambassador accounts are configured on a device, log in to the device and run the show running-config | count type lobby-admin CLI command. The following example shows the CLI output on a device with one lobby ambassador account configured:\r\n\r\n\r\nRouter#show running-config | count type lobby-admin\r\nNumber of lines which match regexp = 1\r\n\r\nThe number at the end of the line indicates how many lobby ambassador accounts are configured on the device.\r\n\r\nNote: The lobby ambassador role can be associated with a user account that is using RADIUS or TACACS+. Customers who are using an authentication, authorization, and accounting (AAA) server such as Cisco Identity Services Engine (ISE) to manage user accounts that are accessing their device should check for the presence of users that have the cisco-av-pair=lobby-admin attribute set. For an example of how to configure a lobby ambassador account on Cisco ISE, see Configure 9800 WLC Lobby Ambassador with RADIUS and TACACS+ Authentication [\"https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215552-9800-wlc-lobby-ambassador-with-radius-an.html\"].\r\n\r\nDetermine the HTTP Server Configuration\r\n\r\nTo determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present, the HTTP Server feature is enabled for the device.\r\n\r\nThe following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled:\r\n\r\n\r\nRouter# show running-config | include ip http server|secure|active\r\nip http server\r\nip http secure-server\r\n\r\nNote: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled.\r\n\r\nIf the ip http server command is present and the configuration also contains ip http active-session-modules none, the vulnerability is not exploitable over HTTP.\r\n\r\nIf the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, the vulnerability is not exploitable over HTTPS.\r\n\r\nCisco IOS XE Wireless Controller Software is affected by this vulnerability only if the device is configured with a lobby ambassador account. This is not a default configuration and must be added by an administrator.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nIOS Software\r\nIOS XR Software\r\nMeraki products\r\nNX-OS Software\r\nWireless LAN Controller (WLC) AireOS Software",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n        Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"]. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (\u201cFirst Fixed\u201d). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (\u201cCombined First Fixed\u201d).\r\n\r\nTo use the tool, go to the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] page and follow the instructions. Alternatively, use the following form to determine whether a release is affected by any Cisco Security Advisory. To use the form, follow these steps:\r\n\r\nChoose which advisories the tool will search\u2014only this advisory, only advisories with a Critical or High Security Impact Rating (SIR) [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#asr\"], or all advisories.\r\nEnter a release number\u2014for example, 15.9(3)M2 or 17.3.3.\r\nClick Check.\r\n\r\n       Only this advisory  All Critical and High advisories  All advisories",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was found during internal security testing.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj"
      },
      {
        "category": "external",
        "summary": "Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication",
        "url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Configure 9800 WLC Lobby Ambassador with RADIUS and TACACS+ Authentication",
        "url": "https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215552-9800-wlc-lobby-ambassador-with-radius-an.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Cisco Software Checker",
        "url": "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"
      },
      {
        "category": "external",
        "summary": "Security Impact Rating (SIR)",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability",
    "tracking": {
      "current_release_date": "2025-05-07T16:00:00+00:00",
      "generator": {
        "date": "2025-05-07T15:59:18+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-ewlc-user-del-hQxMpUDj",
      "initial_release_date": "2025-05-07T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2025-05-07T15:53:11+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.6.8",
                    "product": {
                      "name": "17.6.8",
                      "product_id": "CSAFPID-301722"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.6"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.9.6",
                    "product": {
                      "name": "17.9.6",
                      "product_id": "CSAFPID-301723"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.6a",
                    "product": {
                      "name": "17.9.6a",
                      "product_id": "CSAFPID-302891"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.6b",
                    "product": {
                      "name": "17.9.6b",
                      "product_id": "CSAFPID-303015"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.9"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.12.1z2",
                    "product": {
                      "name": "17.12.1z2",
                      "product_id": "CSAFPID-302964"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.1z3",
                    "product": {
                      "name": "17.12.1z3",
                      "product_id": "CSAFPID-303324"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.12"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.15.1",
                    "product": {
                      "name": "17.15.1",
                      "product_id": "CSAFPID-300938"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.15.1x",
                    "product": {
                      "name": "17.15.1x",
                      "product_id": "CSAFPID-302851"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.15"
              }
            ],
            "category": "product_family",
            "name": "Cisco IOS XE Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20190",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwm35433"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-300938",
          "CSAFPID-301722",
          "CSAFPID-301723",
          "CSAFPID-302851",
          "CSAFPID-302891",
          "CSAFPID-302964",
          "CSAFPID-303015",
          "CSAFPID-303324"
        ]
      },
      "release_date": "2025-05-07T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-300938",
            "CSAFPID-301722",
            "CSAFPID-301723",
            "CSAFPID-302851",
            "CSAFPID-302891",
            "CSAFPID-302964",
            "CSAFPID-303015",
            "CSAFPID-303324"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-300938",
            "CSAFPID-301722",
            "CSAFPID-301723",
            "CSAFPID-302851",
            "CSAFPID-302891",
            "CSAFPID-302964",
            "CSAFPID-303015",
            "CSAFPID-303324"
          ]
        }
      ],
      "title": "Cisco IOS XE Software for Embedded Wireless Controllers Unauthorized User Deletion Vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-20190 (GCVE-0-2025-20190)

WID-SEC-W-2025-0971

FKIE_CVE-2025-20190

GHSA-Q4XX-MXW3-33FM

NCSC-2025-0146

CISCO-SA-EWLC-USER-DEL-HQXMPUDJ

Tags

Sightings

Nomenclature