CVE-2025-20218

CWE-643CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
4.9MEDIUM
EPSS
0.0%
top 86.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Firepower Management CenterCisco Secure Firewall Management Center
Timeline
PublishedAug 14
Latest updateNov 20

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve sensitive information from th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_management_center87 versions+86

🔴Vulnerability Details

3
GHSA
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow2025-11-20
GHSA
GHSA-wxr2-pwc5-7wgv: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote a2025-08-14
CVEList
Cisco Secure Firepower Management Center Software XPATH Injection Vulnerability2025-08-14

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Management Center Software XPATH Injection Vulnerability2025-08-14
CVE-2025-20218 (MEDIUM CVSS 4.9) | A vulnerability in the web-based ma | cvebase.io