CVE-2025-20148

CWE-20Improper Input Validation4 documents4 sources
Severity
8.5HIGH
EPSS
0.1%
top 82.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Firepower Management CenterCisco Secure Firewall Management Center
Timeline
PublishedAug 14

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:NExploitability: 3.1 | Impact: 4.7

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_management_center19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-wx6g-rg4g-cr55: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote a2025-08-14
CVEList
Cisco Secure Firewall Management Center HTML Injection Vulnerability2025-08-14

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Management Center Software HTML Injection Vulnerability2025-08-14
CVE-2025-20148 (HIGH CVSS 8.5) | A vulnerability in the web-based ma | cvebase.io