CVE-2025-20200

CWE-754CWE-20Improper Input Validation4 documents4 sources
Severity
8.2HIGH
EPSS
0.1%
top 75.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMay 7

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:NExploitability: 1.5 | Impact: 4.7

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software410 versions+409
NVDcisco/ios_xe410 versions+409

🔴Vulnerability Details

2
GHSA
GHSA-cp9m-fgrv-j66x: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root2025-05-07
CVEList
CVE-2025-20200: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root2025-05-07

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Privilege Escalation Vulnerabilities2025-05-07