Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0737
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | UCS | UCS Manager Software versions antérieures à 4.2(3p) | ||
| Cisco | UCS | UCS Server versions 4.3 antérieures à 4.3(5c) sur UCS séries B, C et X | ||
| Cisco | UCS | UCS Server versions antérieures à 4.2(3o) sur UCS séries B, C et X | ||
| Cisco | UCS | UCS Server versions antérieures à 4.15.2 sur UCS séries E | ||
| Cisco | UCS | UCS Server versions 4.3 antérieures à 4.3(5.250001) sur UCS séries C | ||
| Cisco | UCS | UCS Manager versions 4.3 antérieures à 4.3(6a) | ||
| Cisco | Intersight Server | Intersight Server versions 5.x antérieures à 5.3(0.250001) sur UCS séries B et X | ||
| Cisco | Intersight Server | Intersight Server versions antérieures à 4.2(3l) sur UCS séries B | ||
| Cisco | commutateurs Nexus | les commutateurs Nexus séries 3000 et 9000, se référer au bulletin de sécurité de l'éditeur pour les systèmes affectés (cf. section Documentation) | ||
| Cisco | NFVIS | NFVIS versions antérieures à 4.18.1 | ||
| Cisco | Intersight Server | Intersight Server versions 5.0 antérieures à 5.0(4i) sur UCS séries X |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "UCS Manager Software versions ant\u00e9rieures \u00e0 4.2(3p)",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions 4.3 ant\u00e9rieures \u00e0 4.3(5c) sur UCS s\u00e9ries B, C et X",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions ant\u00e9rieures \u00e0 4.2(3o) sur UCS s\u00e9ries B, C et X",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions ant\u00e9rieures \u00e0 4.15.2 sur UCS s\u00e9ries E",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server versions 4.3 ant\u00e9rieures \u00e0 4.3(5.250001) sur UCS s\u00e9ries C",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Manager versions 4.3 ant\u00e9rieures \u00e0 4.3(6a)",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server versions 5.x ant\u00e9rieures \u00e0 5.3(0.250001) sur UCS s\u00e9ries B et X",
"product": {
"name": "Intersight Server",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server versions ant\u00e9rieures \u00e0 4.2(3l) sur UCS s\u00e9ries B",
"product": {
"name": "Intersight Server",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les commutateurs Nexus s\u00e9ries 3000 et 9000, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les syst\u00e8mes affect\u00e9s (cf. section Documentation)",
"product": {
"name": "commutateurs Nexus",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "NFVIS versions ant\u00e9rieures \u00e0 4.18.1",
"product": {
"name": "NFVIS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server versions 5.0 ant\u00e9rieures \u00e0 5.0(4i) sur UCS s\u00e9ries X",
"product": {
"name": "Intersight Server",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20317"
},
{
"name": "CVE-2025-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20241"
}
],
"initial_release_date": "2025-08-28T00:00:00",
"last_revision_date": "2025-08-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2025-08-27",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
},
{
"published_at": "2025-08-27",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-n39k-isis-dos-JhJA8Rfx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfx"
}
]
}
CVE-2025-20241 (GCVE-0-2025-20241)
Vulnerability from cvelistv5
Published
2025-08-27 16:23
Modified
2025-08-27 18:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code
Summary
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition.
Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Version: 9.2(3) Version: 7.0(3)I5(2) Version: 6.0(2)A8(7a) Version: 7.0(3)I4(5) Version: 7.0(3)I4(6) Version: 7.0(3)I4(3) Version: 9.2(2v) Version: 7.0(3)I4(7) Version: 7.0(3)I4(1) Version: 7.0(3)I4(8) Version: 7.0(3)I4(2) Version: 6.0(2)A8(11) Version: 9.2(1) Version: 9.2(2t) Version: 9.2(3y) Version: 7.0(3)I4(1t) Version: 7.0(3)I7(6z) Version: 9.3(2) Version: 7.0(3)F3(3) Version: 7.0(3)I7(3z) Version: 7.0(3)IM7(2) Version: 6.0(2)A8(11b) Version: 7.0(3)I7(5a) Version: 7.0(3)I6(1) Version: 7.0(3)I5(3b) Version: 9.2(4) Version: 6.0(2)A8(10) Version: 6.0(2)A8(2) Version: 7.0(3)IC4(4) Version: 7.0(3)F3(3c) Version: 7.0(3)F3(1) Version: 7.0(3)F3(5) Version: 7.0(3)I7(2) Version: 7.0(3)I5(3) Version: 7.0(3)I7(3) Version: 6.0(2)A8(6) Version: 7.0(3)I6(2) Version: 6.0(2)A8(5) Version: 9.3(1) Version: 6.0(2)A8(7) Version: 7.0(3)I7(6) Version: 6.0(2)A8(11a) Version: 7.0(3)I4(8z) Version: 7.0(3)I4(9) Version: 7.0(3)I7(4) Version: 7.0(3)I7(7) Version: 6.0(2)A8(9) Version: 6.0(2)A8(1) Version: 6.0(2)A8(10a) Version: 7.0(3)I5(1) Version: 9.3(1z) Version: 9.2(2) Version: 7.0(3)F3(4) Version: 7.0(3)I4(8b) Version: 6.0(2)A8(3) Version: 7.0(3)I4(6t) Version: 7.0(3)I5(3a) Version: 6.0(2)A8(8) Version: 7.0(3)I7(5) Version: 7.0(3)F3(3a) Version: 6.0(2)A8(4) Version: 7.0(3)I4(8a) Version: 7.0(3)F3(2) Version: 7.0(3)I4(4) Version: 7.0(3)I7(1) Version: 7.0(3)IA7(2) Version: 7.0(3)IA7(1) Version: 6.0(2)A8(7b) Version: 6.0(2)A8(4a) Version: 9.3(3) Version: 7.0(3)I7(8) Version: 9.3(4) Version: 9.3(5) Version: 7.0(3)I7(9) Version: 9.3(6) Version: 10.1(2) Version: 10.1(1) Version: 9.3(5w) Version: 9.3(7) Version: 9.3(7k) Version: 7.0(3)I7(9w) Version: 10.2(1) Version: 9.3(7a) Version: 9.3(8) Version: 7.0(3)I7(10) Version: 10.2(1q) Version: 10.2(2) Version: 9.3(9) Version: 10.1(2t) Version: 10.2(3) Version: 10.2(3t) Version: 9.3(10) Version: 10.2(2a) Version: 10.3(1) Version: 10.2(4) Version: 10.3(2) Version: 9.3(11) Version: 10.3(3) Version: 10.2(5) Version: 9.3(12) Version: 10.2(3v) Version: 10.4(1) Version: 10.3(99w) Version: 10.2(6) Version: 10.3(3w) Version: 10.3(99x) Version: 10.3(3o) Version: 10.3(4) Version: 10.3(3p) Version: 10.3(4a) Version: 10.4(2) Version: 10.3(3q) Version: 9.3(13) Version: 10.3(5) Version: 10.2(7) Version: 10.4(3) Version: 10.3(3x) Version: 10.3(4g) Version: 10.5(1) Version: 10.2(8) Version: 10.3(3r) Version: 10.3(6) Version: 9.3(14) Version: 10.4(4) Version: 10.3(4h) Version: 10.5(2) Version: 10.4(4g) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:18:19.522793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:18:32.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.2(3)"
},
{
"status": "affected",
"version": "7.0(3)I5(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(7a)"
},
{
"status": "affected",
"version": "7.0(3)I4(5)"
},
{
"status": "affected",
"version": "7.0(3)I4(6)"
},
{
"status": "affected",
"version": "7.0(3)I4(3)"
},
{
"status": "affected",
"version": "9.2(2v)"
},
{
"status": "affected",
"version": "7.0(3)I4(7)"
},
{
"status": "affected",
"version": "7.0(3)I4(1)"
},
{
"status": "affected",
"version": "7.0(3)I4(8)"
},
{
"status": "affected",
"version": "7.0(3)I4(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(11)"
},
{
"status": "affected",
"version": "9.2(1)"
},
{
"status": "affected",
"version": "9.2(2t)"
},
{
"status": "affected",
"version": "9.2(3y)"
},
{
"status": "affected",
"version": "7.0(3)I4(1t)"
},
{
"status": "affected",
"version": "7.0(3)I7(6z)"
},
{
"status": "affected",
"version": "9.3(2)"
},
{
"status": "affected",
"version": "7.0(3)F3(3)"
},
{
"status": "affected",
"version": "7.0(3)I7(3z)"
},
{
"status": "affected",
"version": "7.0(3)IM7(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(11b)"
},
{
"status": "affected",
"version": "7.0(3)I7(5a)"
},
{
"status": "affected",
"version": "7.0(3)I6(1)"
},
{
"status": "affected",
"version": "7.0(3)I5(3b)"
},
{
"status": "affected",
"version": "9.2(4)"
},
{
"status": "affected",
"version": "6.0(2)A8(10)"
},
{
"status": "affected",
"version": "6.0(2)A8(2)"
},
{
"status": "affected",
"version": "7.0(3)IC4(4)"
},
{
"status": "affected",
"version": "7.0(3)F3(3c)"
},
{
"status": "affected",
"version": "7.0(3)F3(1)"
},
{
"status": "affected",
"version": "7.0(3)F3(5)"
},
{
"status": "affected",
"version": "7.0(3)I7(2)"
},
{
"status": "affected",
"version": "7.0(3)I5(3)"
},
{
"status": "affected",
"version": "7.0(3)I7(3)"
},
{
"status": "affected",
"version": "6.0(2)A8(6)"
},
{
"status": "affected",
"version": "7.0(3)I6(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(5)"
},
{
"status": "affected",
"version": "9.3(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(7)"
},
{
"status": "affected",
"version": "7.0(3)I7(6)"
},
{
"status": "affected",
"version": "6.0(2)A8(11a)"
},
{
"status": "affected",
"version": "7.0(3)I4(8z)"
},
{
"status": "affected",
"version": "7.0(3)I4(9)"
},
{
"status": "affected",
"version": "7.0(3)I7(4)"
},
{
"status": "affected",
"version": "7.0(3)I7(7)"
},
{
"status": "affected",
"version": "6.0(2)A8(9)"
},
{
"status": "affected",
"version": "6.0(2)A8(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(10a)"
},
{
"status": "affected",
"version": "7.0(3)I5(1)"
},
{
"status": "affected",
"version": "9.3(1z)"
},
{
"status": "affected",
"version": "9.2(2)"
},
{
"status": "affected",
"version": "7.0(3)F3(4)"
},
{
"status": "affected",
"version": "7.0(3)I4(8b)"
},
{
"status": "affected",
"version": "6.0(2)A8(3)"
},
{
"status": "affected",
"version": "7.0(3)I4(6t)"
},
{
"status": "affected",
"version": "7.0(3)I5(3a)"
},
{
"status": "affected",
"version": "6.0(2)A8(8)"
},
{
"status": "affected",
"version": "7.0(3)I7(5)"
},
{
"status": "affected",
"version": "7.0(3)F3(3a)"
},
{
"status": "affected",
"version": "6.0(2)A8(4)"
},
{
"status": "affected",
"version": "7.0(3)I4(8a)"
},
{
"status": "affected",
"version": "7.0(3)F3(2)"
},
{
"status": "affected",
"version": "7.0(3)I4(4)"
},
{
"status": "affected",
"version": "7.0(3)I7(1)"
},
{
"status": "affected",
"version": "7.0(3)IA7(2)"
},
{
"status": "affected",
"version": "7.0(3)IA7(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(7b)"
},
{
"status": "affected",
"version": "6.0(2)A8(4a)"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "7.0(3)I7(8)"
},
{
"status": "affected",
"version": "9.3(4)"
},
{
"status": "affected",
"version": "9.3(5)"
},
{
"status": "affected",
"version": "7.0(3)I7(9)"
},
{
"status": "affected",
"version": "9.3(6)"
},
{
"status": "affected",
"version": "10.1(2)"
},
{
"status": "affected",
"version": "10.1(1)"
},
{
"status": "affected",
"version": "9.3(5w)"
},
{
"status": "affected",
"version": "9.3(7)"
},
{
"status": "affected",
"version": "9.3(7k)"
},
{
"status": "affected",
"version": "7.0(3)I7(9w)"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "9.3(7a)"
},
{
"status": "affected",
"version": "9.3(8)"
},
{
"status": "affected",
"version": "7.0(3)I7(10)"
},
{
"status": "affected",
"version": "10.2(1q)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "9.3(9)"
},
{
"status": "affected",
"version": "10.1(2t)"
},
{
"status": "affected",
"version": "10.2(3)"
},
{
"status": "affected",
"version": "10.2(3t)"
},
{
"status": "affected",
"version": "9.3(10)"
},
{
"status": "affected",
"version": "10.2(2a)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.2(4)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "9.3(11)"
},
{
"status": "affected",
"version": "10.3(3)"
},
{
"status": "affected",
"version": "10.2(5)"
},
{
"status": "affected",
"version": "9.3(12)"
},
{
"status": "affected",
"version": "10.2(3v)"
},
{
"status": "affected",
"version": "10.4(1)"
},
{
"status": "affected",
"version": "10.3(99w)"
},
{
"status": "affected",
"version": "10.2(6)"
},
{
"status": "affected",
"version": "10.3(3w)"
},
{
"status": "affected",
"version": "10.3(99x)"
},
{
"status": "affected",
"version": "10.3(3o)"
},
{
"status": "affected",
"version": "10.3(4)"
},
{
"status": "affected",
"version": "10.3(3p)"
},
{
"status": "affected",
"version": "10.3(4a)"
},
{
"status": "affected",
"version": "10.4(2)"
},
{
"status": "affected",
"version": "10.3(3q)"
},
{
"status": "affected",
"version": "9.3(13)"
},
{
"status": "affected",
"version": "10.3(5)"
},
{
"status": "affected",
"version": "10.2(7)"
},
{
"status": "affected",
"version": "10.4(3)"
},
{
"status": "affected",
"version": "10.3(3x)"
},
{
"status": "affected",
"version": "10.3(4g)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.2(8)"
},
{
"status": "affected",
"version": "10.3(3r)"
},
{
"status": "affected",
"version": "10.3(6)"
},
{
"status": "affected",
"version": "9.3(14)"
},
{
"status": "affected",
"version": "10.4(4)"
},
{
"status": "affected",
"version": "10.3(4h)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.4(4g)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r\nThis vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition.\r\nNote: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-733",
"description": "Compiler Optimization Removal or Modification of Security-critical Code",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:55.242Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-n39k-isis-dos-JhJA8Rfx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfx"
}
],
"source": {
"advisory": "cisco-sa-n39k-isis-dos-JhJA8Rfx",
"defects": [
"CSCwn49153"
],
"discovery": "INTERNAL"
},
"title": "Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol \u003cTBD\u003e Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20241",
"datePublished": "2025-08-27T16:23:55.242Z",
"dateReserved": "2024-10-10T19:15:13.238Z",
"dateUpdated": "2025-08-27T18:18:32.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20317 (GCVE-0-2025-20317)
Vulnerability from cvelistv5
Published
2025-08-27 16:23
Modified
2025-08-27 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.
This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.
Note: The affected vKVM client is also included in Cisco UCS Manager.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Version: 4.0(1a) Version: 3.2(3n) Version: 4.1(1a) Version: 4.1(1b) Version: 4.0(4h) Version: 4.1(1c) Version: 3.2(3k) Version: 3.2(2c) Version: 4.0(4e) Version: 4.0(4g) Version: 3.2(3i) Version: 4.0(2e) Version: 3.2(3g) Version: 4.0(4a) Version: 4.0(2d) Version: 3.2(2d) Version: 4.0(1b) Version: 4.0(4f) Version: 3.2(3h) Version: 3.2(2f) Version: 4.0(4c) Version: 3.2(3a) Version: 4.0(1c) Version: 3.2(3d) Version: 3.2(2b) Version: 4.0(4b) Version: 3.2(2e) Version: 4.0(2b) Version: 4.0(4d) Version: 3.2(1d) Version: 3.2(3e) Version: 3.2(3l) Version: 3.2(3b) Version: 4.0(2a) Version: 3.2(3j) Version: 4.0(1d) Version: 3.2(3o) Version: 4.0(4i) Version: 4.1(1d) Version: 4.1(2a) Version: 4.1(1e) Version: 3.2(3p) Version: 4.1(2b) Version: 4.0(4k) Version: 4.1(3a) Version: 4.1(3b) Version: 4.1(2c) Version: 4.0(4l) Version: 4.1(4a) Version: 4.1(3c) Version: 4.1(3d) Version: 4.2(1c) Version: 4.2(1d) Version: 4.0(4m) Version: 4.1(3e) Version: 4.2(1f) Version: 4.1(3f) Version: 4.2(1i) Version: 4.1(3h) Version: 4.2(1k) Version: 4.2(1l) Version: 4.0(4n) Version: 4.2(1m) Version: 4.1(3i) Version: 4.2(2a) Version: 4.2(1n) Version: 4.1(3j) Version: 4.2(2c) Version: 4.2(2d) Version: 4.2(3b) Version: 4.1(3k) Version: 4.0(4o) Version: 4.2(2e) Version: 4.2(3d) Version: 4.2(3e) Version: 4.2(3g) Version: 4.1(3l) Version: 4.3(2b) Version: 4.2(3h) Version: 4.2(3i) Version: 4.3(2c) Version: 4.1(3m) Version: 4.3(2e) Version: 4.3(3a) Version: 4.2(3j) Version: 4.3(3c) Version: 4.3(4a) Version: 4.2(3k) Version: 4.3(4b) Version: 4.3(4c) Version: 4.2(3l) Version: 4.3(4d) Version: 4.3(2f) Version: 4.2(3m) Version: 4.3(5a) Version: 4.3(4e) Version: 4.1(3n) Version: 4.3(4f) Version: 4.2(3n) Version: 4.3(5c) Version: 4.2(3o) Version: 4.3(5d) Version: 4.3(5e) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:51:46.552039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:52:07.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.\r\n\r\nThis vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
}
],
"source": {
"advisory": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"defects": [
"CSCwm57436"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20317",
"datePublished": "2025-08-27T16:23:18.607Z",
"dateReserved": "2024-10-10T19:15:13.253Z",
"dateUpdated": "2025-08-27T18:52:07.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…