CVE-2025-20197

CWE-20Improper Input ValidationCWE-7544 documents4 sources
Severity
8.2HIGH
EPSS
0.1%
top 75.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMay 7

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:NExploitability: 1.5 | Impact: 4.7

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software329 versions+328
NVDcisco/ios_xe329 versions+328

🔴Vulnerability Details

2
GHSA
GHSA-2h9x-xhwj-wr94: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root2025-05-07
CVEList
CVE-2025-20197: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root2025-05-07

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Privilege Escalation Vulnerabilities2025-05-07