CVE-2025-20334
Published 2025-09-24
Priority: P2 · 64 · high · CVSS 3.1: 8.8
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.47% (37.0th percentile)
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.
This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Affected
41 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_ios_xe_software | — | — |
Detection & IOCs
- Exploit vector is an authenticated HTTP API call with crafted/malicious input to a Cisco IOS XE device; monitor for anomalous or unexpected API calls from administrative sessions.
- Secondary attack vector is CSRF-style: an unauthenticated attacker delivers a crafted link to a logged-in admin; monitor for outbound HTTP requests from admin browsers to IOS XE management interfaces originating from unexpected referrers.
- Successful exploitation results in arbitrary OS command execution as root; alert on unexpected root-level process spawning from the IOS XE HTTP API daemon (e.g. web server child processes launching shells).
- Track Cisco bug ID CSCwn48408 for vendor patch and detection guidance updates.
- Exploitation requires the HTTP API subsystem to be enabled and reachable; restrict management-plane access (HTTP/HTTPS) to trusted hosts only to reduce attack surface.
- There are no workarounds available; patching to a fixed software release is the only remediation.
CVSS provenance
- nvd (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- vendor_cisco: 8.8 HIGH
- vendor_msrc: 5.5 MEDIUM
Cisco
Cisco IOS XE Software HTTP API Command Injection Vulnerability
vendor_cisco · 2025-09-24 · CVSS 8.8
CVE-2025-20334 [HIGH] CWE-77 Cisco IOS XE Software HTTP API Command Injection Vulnerability
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.
This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Cisco has released software updates that address th
Microsoft
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (an
vendor_msrc · 2020-01-14 · CVSS 5.5
CVE-2019-20334 [MEDIUM] CWE-674 In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (an
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more
Cisco
Cisco IOS XE Software HTTP API Command Injection Vulnerability
vendor_cisco · CVSS 3.1
CVE-2025-20334: Cisco IOS XE Software HTTP API Command Injection Vulnerability
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates th
GHSA
GHSA-gm2m-9c24-v5ff: A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privil
ghsa_unreviewed · 2025-09-24
CVE-2025-20334 [HIGH] CWE-77 GHSA-gm2m-9c24-v5ff: A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privil
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.
This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-24