Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-3GRG-FVVV-2QRM
Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30
VLAI?
Details
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.
This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.
To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.
Severity ?
8.3 (High)
{
"affected": [],
"aliases": [
"CVE-2025-20164"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-07T18:15:37Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.\n\n This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.\n\n To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.",
"id": "GHSA-3grg-fvvv-2qrm",
"modified": "2025-05-07T18:30:49Z",
"published": "2025-05-07T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20164"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2025-20164 (GCVE-0-2025-20164)
Vulnerability from cvelistv5 – Published: 2025-05-07 17:36 – Updated: 2025-05-08 03:56
VLAI?
EPSS
Summary
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.
This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.
To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.
Severity ?
8.3 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | IOS |
Affected:
15.0(2)SE8
Affected: 15.0(2)EA Affected: 15.0(2)EA1 Affected: 15.2(2)E Affected: 15.2(2)E1 Affected: 15.2(3)E1 Affected: 15.2(2)E2 Affected: 15.2(2)E3 Affected: 15.2(2a)E2 Affected: 15.2(3)E2 Affected: 15.2(3)E3 Affected: 15.2(2)E4 Affected: 15.2(2)E5 Affected: 15.2(3)E4 Affected: 15.2(5)E Affected: 15.2(2)E6 Affected: 15.2(5)E1 Affected: 15.2(2)E5a Affected: 15.2(5a)E1 Affected: 15.2(2)E7 Affected: 15.2(5)E2 Affected: 15.2(6)E Affected: 15.2(5)E2c Affected: 15.2(2)E8 Affected: 15.2(6)E0a Affected: 15.2(6)E1 Affected: 15.2(6)E0c Affected: 15.2(2)E9 Affected: 15.2(7)E Affected: 15.2(2)E10 Affected: 15.2(6)E2a Affected: 15.2(7)E0b Affected: 15.2(7)E0s Affected: 15.2(6)E3 Affected: 15.2(7)E2 Affected: 15.2(7)E3 Affected: 15.2(7)E1a Affected: 15.2(7)E4 Affected: 15.2(8)E Affected: 15.2(8)E1 Affected: 15.2(7)E5 Affected: 15.2(7)E6 Affected: 15.2(8)E2 Affected: 15.2(7)E7 Affected: 15.2(8)E3 Affected: 15.2(7)E8 Affected: 15.2(8)E4 Affected: 15.2(7)E9 Affected: 15.2(8)E5 Affected: 15.2(8)E6 Affected: 15.2(7)E10 Affected: 15.2(7)E11 Affected: 15.2(1)EY Affected: 15.0(2)EK Affected: 15.0(2)EK1 Affected: 15.2(2)EB Affected: 15.2(2)EB1 Affected: 15.2(2)EB2 Affected: 15.2(6)EB Affected: 15.2(2)EA Affected: 15.2(2)EA2 Affected: 15.2(3)EA Affected: 15.2(4)EA Affected: 15.2(4)EA1 Affected: 15.2(2)EA3 Affected: 15.2(4)EA4 Affected: 15.2(4)EA5 Affected: 15.2(4)EA6 Affected: 15.2(4)EA7 Affected: 15.2(4)EA8 Affected: 15.2(4)EA9 Affected: 15.2(4)EA9a Affected: 15.2(4)EC1 Affected: 15.2(4)EC2 Affected: 15.3(3)JPU |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T03:56:33.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "15.0(2)SE8"
},
{
"status": "affected",
"version": "15.0(2)EA"
},
{
"status": "affected",
"version": "15.0(2)EA1"
},
{
"status": "affected",
"version": "15.2(2)E"
},
{
"status": "affected",
"version": "15.2(2)E1"
},
{
"status": "affected",
"version": "15.2(3)E1"
},
{
"status": "affected",
"version": "15.2(2)E2"
},
{
"status": "affected",
"version": "15.2(2)E3"
},
{
"status": "affected",
"version": "15.2(2a)E2"
},
{
"status": "affected",
"version": "15.2(3)E2"
},
{
"status": "affected",
"version": "15.2(3)E3"
},
{
"status": "affected",
"version": "15.2(2)E4"
},
{
"status": "affected",
"version": "15.2(2)E5"
},
{
"status": "affected",
"version": "15.2(3)E4"
},
{
"status": "affected",
"version": "15.2(5)E"
},
{
"status": "affected",
"version": "15.2(2)E6"
},
{
"status": "affected",
"version": "15.2(5)E1"
},
{
"status": "affected",
"version": "15.2(2)E5a"
},
{
"status": "affected",
"version": "15.2(5a)E1"
},
{
"status": "affected",
"version": "15.2(2)E7"
},
{
"status": "affected",
"version": "15.2(5)E2"
},
{
"status": "affected",
"version": "15.2(6)E"
},
{
"status": "affected",
"version": "15.2(5)E2c"
},
{
"status": "affected",
"version": "15.2(2)E8"
},
{
"status": "affected",
"version": "15.2(6)E0a"
},
{
"status": "affected",
"version": "15.2(6)E1"
},
{
"status": "affected",
"version": "15.2(6)E0c"
},
{
"status": "affected",
"version": "15.2(2)E9"
},
{
"status": "affected",
"version": "15.2(7)E"
},
{
"status": "affected",
"version": "15.2(2)E10"
},
{
"status": "affected",
"version": "15.2(6)E2a"
},
{
"status": "affected",
"version": "15.2(7)E0b"
},
{
"status": "affected",
"version": "15.2(7)E0s"
},
{
"status": "affected",
"version": "15.2(6)E3"
},
{
"status": "affected",
"version": "15.2(7)E2"
},
{
"status": "affected",
"version": "15.2(7)E3"
},
{
"status": "affected",
"version": "15.2(7)E1a"
},
{
"status": "affected",
"version": "15.2(7)E4"
},
{
"status": "affected",
"version": "15.2(8)E"
},
{
"status": "affected",
"version": "15.2(8)E1"
},
{
"status": "affected",
"version": "15.2(7)E5"
},
{
"status": "affected",
"version": "15.2(7)E6"
},
{
"status": "affected",
"version": "15.2(8)E2"
},
{
"status": "affected",
"version": "15.2(7)E7"
},
{
"status": "affected",
"version": "15.2(8)E3"
},
{
"status": "affected",
"version": "15.2(7)E8"
},
{
"status": "affected",
"version": "15.2(8)E4"
},
{
"status": "affected",
"version": "15.2(7)E9"
},
{
"status": "affected",
"version": "15.2(8)E5"
},
{
"status": "affected",
"version": "15.2(8)E6"
},
{
"status": "affected",
"version": "15.2(7)E10"
},
{
"status": "affected",
"version": "15.2(7)E11"
},
{
"status": "affected",
"version": "15.2(1)EY"
},
{
"status": "affected",
"version": "15.0(2)EK"
},
{
"status": "affected",
"version": "15.0(2)EK1"
},
{
"status": "affected",
"version": "15.2(2)EB"
},
{
"status": "affected",
"version": "15.2(2)EB1"
},
{
"status": "affected",
"version": "15.2(2)EB2"
},
{
"status": "affected",
"version": "15.2(6)EB"
},
{
"status": "affected",
"version": "15.2(2)EA"
},
{
"status": "affected",
"version": "15.2(2)EA2"
},
{
"status": "affected",
"version": "15.2(3)EA"
},
{
"status": "affected",
"version": "15.2(4)EA"
},
{
"status": "affected",
"version": "15.2(4)EA1"
},
{
"status": "affected",
"version": "15.2(2)EA3"
},
{
"status": "affected",
"version": "15.2(4)EA4"
},
{
"status": "affected",
"version": "15.2(4)EA5"
},
{
"status": "affected",
"version": "15.2(4)EA6"
},
{
"status": "affected",
"version": "15.2(4)EA7"
},
{
"status": "affected",
"version": "15.2(4)EA8"
},
{
"status": "affected",
"version": "15.2(4)EA9"
},
{
"status": "affected",
"version": "15.2(4)EA9a"
},
{
"status": "affected",
"version": "15.2(4)EC1"
},
{
"status": "affected",
"version": "15.2(4)EC2"
},
{
"status": "affected",
"version": "15.3(3)JPU"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.\r\n\r This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.\r\n\r To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T17:36:33.740Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ios-http-privesc-wCRd5e3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3"
}
],
"source": {
"advisory": "cisco-sa-ios-http-privesc-wCRd5e3",
"defects": [
"CSCwj97907"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20164",
"datePublished": "2025-05-07T17:36:33.740Z",
"dateReserved": "2024-10-10T19:15:13.218Z",
"dateUpdated": "2025-05-08T03:56:33.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…