CVE-2025-20338

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.

This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Cisco
Product Cisco IOS XE Software
Version 3.5.0E
Status affected
Version 3.5.1E
Status affected
Version 3.5.2E
Status affected
Version 3.5.3E
Status affected
Version 3.11.1S
Status affected
Version 3.11.2S
Status affected
Version 3.11.0S
Status affected
Version 3.11.3S
Status affected
Version 3.11.4S
Status affected
Version 3.12.0S
Status affected
Version 3.12.1S
Status affected
Version 3.12.2S
Status affected
Version 3.12.3S
Status affected
Version 3.12.0aS
Status affected
Version 3.12.4S
Status affected
Version 3.13.0S
Status affected
Version 3.13.1S
Status affected
Version 3.13.2S
Status affected
Version 3.13.3S
Status affected
Version 3.13.4S
Status affected
Version 3.13.5S
Status affected
Version 3.13.2aS
Status affected
Version 3.13.0aS
Status affected
Version 3.13.5aS
Status affected
Version 3.13.6S
Status affected
Version 3.13.7S
Status affected
Version 3.13.6aS
Status affected
Version 3.13.7aS
Status affected
Version 3.13.8S
Status affected
Version 3.13.9S
Status affected
Version 3.13.10S
Status affected
Version 3.6.0E
Status affected
Version 3.6.1E
Status affected
Version 3.6.2aE
Status affected
Version 3.6.2E
Status affected
Version 3.6.3E
Status affected
Version 3.6.4E
Status affected
Version 3.6.5E
Status affected
Version 3.6.6E
Status affected
Version 3.6.5aE
Status affected
Version 3.6.7E
Status affected
Version 3.6.8E
Status affected
Version 3.6.7bE
Status affected
Version 3.6.9E
Status affected
Version 3.6.10E
Status affected
Version 3.14.0S
Status affected
Version 3.14.1S
Status affected
Version 3.14.2S
Status affected
Version 3.14.3S
Status affected
Version 3.14.4S
Status affected
Version 3.15.0S
Status affected
Version 3.15.1S
Status affected
Version 3.15.2S
Status affected
Version 3.15.1cS
Status affected
Version 3.15.3S
Status affected
Version 3.15.4S
Status affected
Version 3.7.0E
Status affected
Version 3.7.1E
Status affected
Version 3.7.2E
Status affected
Version 3.7.3E
Status affected
Version 3.7.4E
Status affected
Version 3.7.5E
Status affected
Version 3.5.0SQ
Status affected
Version 3.5.1SQ
Status affected
Version 3.5.2SQ
Status affected
Version 3.5.3SQ
Status affected
Version 3.5.4SQ
Status affected
Version 3.5.5SQ
Status affected
Version 3.5.6SQ
Status affected
Version 3.5.7SQ
Status affected
Version 3.5.8SQ
Status affected
Version 3.16.0S
Status affected
Version 3.16.1S
Status affected
Version 3.16.1aS
Status affected
Version 3.16.2S
Status affected
Version 3.16.2aS
Status affected
Version 3.16.0cS
Status affected
Version 3.16.3S
Status affected
Version 3.16.2bS
Status affected
Version 3.16.3aS
Status affected
Version 3.16.4S
Status affected
Version 3.16.4aS
Status affected
Version 3.16.4bS
Status affected
Version 3.16.5S
Status affected
Version 3.16.4dS
Status affected
Version 3.16.6S
Status affected
Version 3.16.7S
Status affected
Version 3.16.6bS
Status affected
Version 3.16.7aS
Status affected
Version 3.16.7bS
Status affected
Version 3.16.8S
Status affected
Version 3.16.9S
Status affected
Version 3.16.10S
Status affected
Version 3.17.0S
Status affected
Version 3.17.1S
Status affected
Version 3.17.2S
Status affected
Version 3.17.1aS
Status affected
Version 3.17.3S
Status affected
Version 3.17.4S
Status affected
Version 3.8.0E
Status affected
Version 3.8.1E
Status affected
Version 3.8.2E
Status affected
Version 3.8.3E
Status affected
Version 3.8.4E
Status affected
Version 3.8.5E
Status affected
Version 3.8.5aE
Status affected
Version 3.8.6E
Status affected
Version 3.8.7E
Status affected
Version 3.8.8E
Status affected
Version 3.8.9E
Status affected
Version 3.8.10E
Status affected
Version 3.8.10eE
Status affected
Version 3.18.0aS
Status affected
Version 3.18.0S
Status affected
Version 3.18.1S
Status affected
Version 3.18.2S
Status affected
Version 3.18.3S
Status affected
Version 3.18.4S
Status affected
Version 3.18.0SP
Status affected
Version 3.18.1SP
Status affected
Version 3.18.1aSP
Status affected
Version 3.18.1bSP
Status affected
Version 3.18.1cSP
Status affected
Version 3.18.2SP
Status affected
Version 3.18.2aSP
Status affected
Version 3.18.3SP
Status affected
Version 3.18.4SP
Status affected
Version 3.18.3aSP
Status affected
Version 3.18.3bSP
Status affected
Version 3.18.5SP
Status affected
Version 3.18.6SP
Status affected
Version 3.18.7SP
Status affected
Version 3.18.8aSP
Status affected
Version 3.18.9SP
Status affected
Version 3.9.0E
Status affected
Version 3.9.1E
Status affected
Version 3.9.2E
Status affected
Version 16.6.1
Status affected
Version 16.6.2
Status affected
Version 16.6.3
Status affected
Version 16.6.4
Status affected
Version 16.6.5
Status affected
Version 16.6.4a
Status affected
Version 16.6.5a
Status affected
Version 16.6.6
Status affected
Version 16.6.7
Status affected
Version 16.6.8
Status affected
Version 16.6.9
Status affected
Version 16.6.10
Status affected
Version 16.7.1
Status affected
Version 16.7.1a
Status affected
Version 16.7.1b
Status affected
Version 16.7.2
Status affected
Version 16.7.3
Status affected
Version 16.7.4
Status affected
Version 16.8.1
Status affected
Version 16.8.1a
Status affected
Version 16.8.1b
Status affected
Version 16.8.1s
Status affected
Version 16.8.1c
Status affected
Version 16.8.1d
Status affected
Version 16.8.2
Status affected
Version 16.8.1e
Status affected
Version 16.8.3
Status affected
Version 16.9.1
Status affected
Version 16.9.2
Status affected
Version 16.9.1a
Status affected
Version 16.9.1b
Status affected
Version 16.9.1s
Status affected
Version 16.9.3
Status affected
Version 16.9.4
Status affected
Version 16.9.3a
Status affected
Version 16.9.5
Status affected
Version 16.9.5f
Status affected
Version 16.9.6
Status affected
Version 16.9.7
Status affected
Version 16.9.8
Status affected
Version 16.10.1
Status affected
Version 16.10.1a
Status affected
Version 16.10.1b
Status affected
Version 16.10.1s
Status affected
Version 16.10.1c
Status affected
Version 16.10.1e
Status affected
Version 16.10.1d
Status affected
Version 16.10.2
Status affected
Version 16.10.1f
Status affected
Version 16.10.1g
Status affected
Version 16.10.3
Status affected
Version 3.10.0E
Status affected
Version 3.10.1E
Status affected
Version 3.10.0cE
Status affected
Version 3.10.2E
Status affected
Version 3.10.3E
Status affected
Version 16.11.1
Status affected
Version 16.11.1a
Status affected
Version 16.11.1b
Status affected
Version 16.11.2
Status affected
Version 16.11.1s
Status affected
Version 16.12.1
Status affected
Version 16.12.1s
Status affected
Version 16.12.1a
Status affected
Version 16.12.1c
Status affected
Version 16.12.1w
Status affected
Version 16.12.2
Status affected
Version 16.12.1y
Status affected
Version 16.12.2a
Status affected
Version 16.12.3
Status affected
Version 16.12.8
Status affected
Version 16.12.2s
Status affected
Version 16.12.1x
Status affected
Version 16.12.1t
Status affected
Version 16.12.4
Status affected
Version 16.12.3s
Status affected
Version 16.12.3a
Status affected
Version 16.12.4a
Status affected
Version 16.12.5
Status affected
Version 16.12.6
Status affected
Version 16.12.1z1
Status affected
Version 16.12.5a
Status affected
Version 16.12.5b
Status affected
Version 16.12.1z2
Status affected
Version 16.12.6a
Status affected
Version 16.12.7
Status affected
Version 16.12.9
Status affected
Version 16.12.10
Status affected
Version 16.12.10a
Status affected
Version 16.12.11
Status affected
Version 16.12.12
Status affected
Version 16.12.13
Status affected
Version 3.11.0E
Status affected
Version 3.11.1E
Status affected
Version 3.11.2E
Status affected
Version 3.11.3E
Status affected
Version 3.11.1aE
Status affected
Version 3.11.4E
Status affected
Version 3.11.3aE
Status affected
Version 3.11.5E
Status affected
Version 3.11.6E
Status affected
Version 3.11.7E
Status affected
Version 3.11.8E
Status affected
Version 3.11.9E
Status affected
Version 3.11.10E
Status affected
Version 3.11.11E
Status affected
Version 3.11.12E
Status affected
Version 17.1.1
Status affected
Version 17.1.1a
Status affected
Version 17.1.1s
Status affected
Version 17.1.1t
Status affected
Version 17.1.3
Status affected
Version 17.2.1
Status affected
Version 17.2.1r
Status affected
Version 17.2.1a
Status affected
Version 17.2.1v
Status affected
Version 17.2.2
Status affected
Version 17.2.3
Status affected
Version 17.3.1
Status affected
Version 17.3.2
Status affected
Version 17.3.3
Status affected
Version 17.3.1a
Status affected
Version 17.3.1w
Status affected
Version 17.3.2a
Status affected
Version 17.3.1x
Status affected
Version 17.3.1z
Status affected
Version 17.3.4
Status affected
Version 17.3.5
Status affected
Version 17.3.4a
Status affected
Version 17.3.6
Status affected
Version 17.3.4b
Status affected
Version 17.3.4c
Status affected
Version 17.3.5a
Status affected
Version 17.3.5b
Status affected
Version 17.3.7
Status affected
Version 17.3.8
Status affected
Version 17.3.8a
Status affected
Version 17.4.1
Status affected
Version 17.4.2
Status affected
Version 17.4.1a
Status affected
Version 17.4.1b
Status affected
Version 17.4.2a
Status affected
Version 17.5.1
Status affected
Version 17.5.1a
Status affected
Version 17.6.1
Status affected
Version 17.6.2
Status affected
Version 17.6.1w
Status affected
Version 17.6.1a
Status affected
Version 17.6.1x
Status affected
Version 17.6.3
Status affected
Version 17.6.1y
Status affected
Version 17.6.1z
Status affected
Version 17.6.3a
Status affected
Version 17.6.4
Status affected
Version 17.6.1z1
Status affected
Version 17.6.5
Status affected
Version 17.6.6
Status affected
Version 17.6.6a
Status affected
Version 17.6.5a
Status affected
Version 17.6.7
Status affected
Version 17.6.8
Status affected
Version 17.6.8a
Status affected
Version 17.7.1
Status affected
Version 17.7.1a
Status affected
Version 17.7.1b
Status affected
Version 17.7.2
Status affected
Version 17.10.1
Status affected
Version 17.10.1a
Status affected
Version 17.10.1b
Status affected
Version 17.8.1
Status affected
Version 17.8.1a
Status affected
Version 17.9.1
Status affected
Version 17.9.1w
Status affected
Version 17.9.2
Status affected
Version 17.9.1a
Status affected
Version 17.9.1x
Status affected
Version 17.9.1y
Status affected
Version 17.9.3
Status affected
Version 17.9.2a
Status affected
Version 17.9.1x1
Status affected
Version 17.9.3a
Status affected
Version 17.9.4
Status affected
Version 17.9.1y1
Status affected
Version 17.9.5
Status affected
Version 17.9.4a
Status affected
Version 17.9.5a
Status affected
Version 17.9.5b
Status affected
Version 17.9.6
Status affected
Version 17.9.6a
Status affected
Version 17.9.7
Status affected
Version 17.9.5e
Status affected
Version 17.9.5f
Status affected
Version 17.9.7a
Status affected
Version 17.9.7b
Status affected
Version 17.11.1
Status affected
Version 17.11.1a
Status affected
Version 17.12.1
Status affected
Version 17.12.1w
Status affected
Version 17.12.1a
Status affected
Version 17.12.1x
Status affected
Version 17.12.2
Status affected
Version 17.12.3
Status affected
Version 17.12.2a
Status affected
Version 17.12.1y
Status affected
Version 17.12.1z
Status affected
Version 17.12.4
Status affected
Version 17.12.3a
Status affected
Version 17.12.1z1
Status affected
Version 17.12.1z2
Status affected
Version 17.12.4a
Status affected
Version 17.12.5
Status affected
Version 17.12.4b
Status affected
Version 17.12.1z3
Status affected
Version 17.12.5a
Status affected
Version 17.12.1z4
Status affected
Version 17.12.5b
Status affected
Version 17.12.5c
Status affected
Version 17.13.1
Status affected
Version 17.13.1a
Status affected
Version 17.14.1
Status affected
Version 17.14.1a
Status affected
Version 17.15.1
Status affected
Version 17.15.1w
Status affected
Version 17.15.1a
Status affected
Version 17.15.2
Status affected
Version 17.15.1b
Status affected
Version 17.15.1x
Status affected
Version 17.15.1z
Status affected
Version 17.15.3
Status affected
Version 17.15.2c
Status affected
Version 17.15.2a
Status affected
Version 17.15.1y
Status affected
Version 17.15.2b
Status affected
Version 17.15.3a
Status affected
Version 17.15.3b
Status affected
Version 17.16.1
Status affected
Version 17.16.1a
Status affected
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.01% | 0.01
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
psirt@cisco.com | 6 | 0.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE-141 Improper Neutralization of Parameter/Argument Delimiters

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.