CVE-2025-20355 — Open Redirect in Cisco Digital Network Architecture Center

CWE-601 — Open Redirect4 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 96.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Digital Network Architecture Center

Timeline

PublishedNov 13

Description

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5cisco/cisco_digital_network_architecture_center110 versions+109

🔴Vulnerability Details

CVEList

Cisco Catalyst Center Software HTTP Open Redirect Vulnerability↗2025-11-13

▶

GHSA

GHSA-9f26-h7x7-2mc5: A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to re↗2025-11-13

▶

📋Vendor Advisories

Cisco

Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability↗2025-11-13

▶