CVE-2025-20327
Severity
7.7 HIGH
EPSS
0.2%
top 62.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 24
Description
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.1 | Impact: 4.0
Affected Packages
1 package
Vulnerability Details (2)
CVEList
CVE-2025-20327: A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (Do… (2025-09-24)
GHSA
GHSA-v2fp-r496-ppm8: A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (Do… (2025-09-24)
Vendor Advisories (1)
Cisco
Cisco IOS Software Industrial Ethernet Switch Device Manager Denial of Service Vulnerability (2025-09-24)