CVE-2025-20216

CWE-74 | 4 documents | 4 sources
Severity: 4.3 MEDIUM
EPSS: 0.1% (top 67.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 7

Description

A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cis

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: cisco/catalyst_sd-wan_manager | 282 versions (+281)
CVEListV5: cisco/cisco_catalyst_sd-wan_manager | 303 versions (+302)

🔴 Vulnerability Details (2)

GHSA: GHSA-8w25-4r69-mq7p: A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker | 2025-05-07
CVEList: Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability | 2025-05-07

📋 Vendor Advisories (1)

Cisco: Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability | 2025-05-07