CVE-2025-20240 (CVSS base score 6.1)

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack on an affected device.

This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit it by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute script in the victim's browser and steal that user's cookies for the affected device. The attack needs a victim to follow the link (the CVSS vector's UI:R), and the changed scope (S:C) records that the impact lands in that user's browser rather than on the device itself.

Data provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cisco
Product: Cisco IOS XE Software
Affected versions (the CNA lists every entry below with status "affected"):
16.6: 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4a, 16.6.5a, 16.6.6, 16.6.7, 16.6.8, 16.6.9, 16.6.10
16.7: 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4
16.8: 16.8.1, 16.8.1a, 16.8.1b, 16.8.1s, 16.8.1c, 16.8.1d, 16.8.2, 16.8.1e, 16.8.3
16.9: 16.9.1, 16.9.2, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.3, 16.9.4, 16.9.3a, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8
16.10: 16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1c, 16.10.1e, 16.10.1d, 16.10.2, 16.10.1f, 16.10.1g, 16.10.3
16.11: 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s
16.12: 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.4, 16.12.3s, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 16.12.10a, 16.12.11, 16.12.12, 16.12.13
17.1: 17.1.1, 17.1.1a, 17.1.1s, 17.1.1t, 17.1.3
17.2: 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3
17.3: 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.3.8a
17.4: 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.2a
17.5: 17.5.1, 17.5.1a
17.6: 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.6.6a, 17.6.5a, 17.6.7, 17.6.8, 17.6.8a
17.7: 17.7.1, 17.7.1a, 17.7.1b, 17.7.2
17.8: 17.8.1, 17.8.1a
17.9: 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.9.5, 17.9.4a, 17.9.5a, 17.9.5b, 17.9.6, 17.9.6a, 17.9.7, 17.9.5e, 17.9.5f, 17.9.7a, 17.9.7b
17.10: 17.10.1, 17.10.1a, 17.10.1b
17.11: 17.11.1, 17.11.1a
17.12: 17.12.1, 17.12.1w, 17.12.1a, 17.12.1x, 17.12.2, 17.12.3, 17.12.2a, 17.12.1y, 17.12.1z, 17.12.4, 17.12.3a, 17.12.1z1, 17.12.1z2, 17.12.4a, 17.12.5, 17.12.4b, 17.12.1z3, 17.12.5a, 17.12.1z4, 17.12.5b, 17.12.5c
17.13: 17.13.1, 17.13.1a
17.14: 17.14.1, 17.14.1a
17.15: 17.15.1, 17.15.1w, 17.15.1a, 17.15.2, 17.15.1b, 17.15.1x, 17.15.3, 17.15.2c, 17.15.2a, 17.15.1y, 17.15.2b, 17.15.3a, 17.15.3b
17.16: 17.16.1, 17.16.1a
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.05%  0.143

CVSS Metrics
Source           Base Score  Exploitability Score  Impact Score  Vector String
psirt@cisco.com  6.1         2.8                   2.7           CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-692: Incomplete Denylist to Cross-Site Scripting

The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.
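The vulnerability description above ("improper sanitization of user-supplied input") and this CWE entry describe the same failure from two sides: a filter that recognises some dangerous input and removes it, rather than encoding the input for the context it is written into. The example below is added here and is not Cisco's code; the page says nothing about how Web Authentication actually renders its pages, so the login form, the "username" parameter, the denylist and the three payloads are all assumptions constructed to show why the denylist approach fails and what the context-encoding fix looks like.

```python
"""CWE-692 in practice: a denylist that strips <script> still leaves a reflected XSS.

Added example, not Cisco's code. The login form, its "username" parameter, the denylist
and the payloads are constructed to illustrate the CWE, not taken from the product.
"""
import html
import re
from html.parser import HTMLParser

# The kind of filter CWE-692 describes: it removes the one pattern its author
# thought of (<script>...</script>) and lets every other vector through.
_DENY = re.compile(r"<\s*script\b[^>]*>.*?<\s*/\s*script\s*>", re.IGNORECASE | re.DOTALL)

# The reflected value lands in two HTML contexts: element text and an attribute value.
_TEMPLATE = '<p>Login failed for {v}</p>\n<input name="username" value="{v}">'


def render_denylist(username: str) -> str:
    """Vulnerable: reflects the value into both contexts after a denylist pass."""
    return _TEMPLATE.format(v=_DENY.sub("", username))


def render_encoded(username: str) -> str:
    """Hardened: encode for the output context instead of guessing what "bad" input looks like.

    quote=True also escapes the quote characters, which is what keeps the attribute closed.
    """
    return _TEMPLATE.format(v=html.escape(username, quote=True))


class _ActiveContentDetector(HTMLParser):
    """Parses the rendered page roughly as a browser would and records anything that
    could run script: a <script> element or any on* event-handler attribute."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append((tag, "element"))
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, name))


def script_can_run(rendered: str) -> bool:
    """True if the parsed page contains a script element or an event-handler attribute."""
    detector = _ActiveContentDetector()
    detector.feed(rendered)
    detector.close()
    return bool(detector.findings)


# Constructed payloads, one per technique.
PAYLOADS = {
    "script_tag": "<script>alert(1)</script>",                # the only case the denylist knows
    "event_handler": "<img src=x onerror=alert(1)>",           # no <script>, so it passes untouched
    "attribute_breakout": '" autofocus onfocus=alert(1) x="',  # needs no tag at all
}


def evaluate(render) -> dict[str, bool]:
    """Map each payload name to True when the rendered page still contains runnable script."""
    return {name: script_can_run(render(payload)) for name, payload in PAYLOADS.items()}


if __name__ == "__main__":
    for label, render in (("denylist", render_denylist), ("encoded", render_encoded)):
        print(label, evaluate(render))
```

The denylist stops exactly the payload it was written for and nothing else: an event handler on an image needs no script element, and a value that closes the attribute quote needs no tag at all. The encoded variant makes no attempt to recognise attacks; it turns every character with HTML meaning into an entity, so the same three inputs parse back as plain text in both contexts. That is also why the fix for this class of bug is output encoding per context, not a longer denylist.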