GHSA-9f26-h7x7-2mc5

Опубликовано: 13 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.7

Описание

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

Ссылки

EPSS

Процентиль: 7%

0.00028

Низкий

4.7 Medium

CVSS3

CVE ID

CVE-2025-20355

Дефекты

CWE-601

Связанные уязвимости

CVE-2025-20355

CVSS3: 4.7

nvd

3 месяца назад

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

BDU:2025-16281

CVSS3: 4.7

fstec

3 месяца назад

Уязвимость веб-интерфейса управления системы управления сетевой инфраструктурой Cisco Catalyst Center (ранее Cisco DNA Center), позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес

EPSS

Процентиль: 7%

0.00028

Низкий

4.7 Medium

CVSS3

CVE ID

CVE-2025-20355

Дефекты

CWE-601