CVE-2025-20148

EPSS 0.05%
Veröffentlicht 14.08.2025 16:28:24
Zuletzt bearbeitet 25.08.2025 14:44:12
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.

This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Security Analyst (Read Only).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Secure Firewall Management Center Version7.0.6

Cisco ≫ Secure Firewall Management Center Version7.0.6.1

Cisco ≫ Secure Firewall Management Center Version7.0.6.2

Cisco ≫ Secure Firewall Management Center Version7.0.6.3

Cisco ≫ Secure Firewall Management Center Version7.2.4

Cisco ≫ Secure Firewall Management Center Version7.2.4.1

Cisco ≫ Secure Firewall Management Center Version7.2.5

Cisco ≫ Secure Firewall Management Center Version7.2.5.1

Cisco ≫ Secure Firewall Management Center Version7.2.5.2

Cisco ≫ Secure Firewall Management Center Version7.2.6

Cisco ≫ Secure Firewall Management Center Version7.2.7

Cisco ≫ Secure Firewall Management Center Version7.2.8

Cisco ≫ Secure Firewall Management Center Version7.2.8.1

Cisco ≫ Secure Firewall Management Center Version7.2.9

Cisco ≫ Secure Firewall Management Center Version7.4.0

Cisco ≫ Secure Firewall Management Center Version7.4.1

Cisco ≫ Secure Firewall Management Center Version7.4.1.1

Cisco ≫ Secure Firewall Management Center Version7.4.2

Cisco ≫ Secure Firewall Management Center Version7.4.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.154

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	8.5	3.1	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-20148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20148

EUVD