CVE-2025-20206

CWE-3474 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 89.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Client Cisco Cisco Secure Client

Timeline

PublishedMar 5

Description

A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specifi…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDcisco/secure_client< 5.1.8.105

▶CVEListV5cisco/cisco_secure_client42 versions+41

🔴Vulnerability Details

CVEList

Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability↗2025-03-05

▶

GHSA

GHSA-xq6h-hm2m-hw55: A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to per↗2025-03-05

▶

📋Vendor Advisories

Cisco

Cisco Secure Client for Windows with Secure Firewall Posture Engine DLL Hijacking Vulnerability↗2025-03-05

▶