CVE-2025-20116

CWE-79Cross-site Scripting (XSS)CWE-77Command Injection4 documents4 sources
Severity
4.8MEDIUM
EPSS
0.0%
top 87.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Application Policy Infrastructure Controller (apic)Cisco Application Policy Infrastructure Controller
Timeline
PublishedFeb 26

Description

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability2025-02-26
GHSA
GHSA-7hc3-j2x7-vm7q: A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system2025-02-26

📋Vendor Advisories

1
Cisco
Cisco Application Policy Infrastructure Controller Vulnerabilities2025-02-26
CVE-2025-20116 (MEDIUM CVSS 4.8) | A vulnerability in the web UI of Ci | cvebase.io