Stored XSS Vulnerability in Cisco APIC Web UI
CVE-2025-20116

4.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 26 February 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in the web UI of Cisco APIC allows an authenticated, remote attacker to perform a stored XSS attack. The issue is caused by improper input validation in the web interface, which lets an attacker with valid administrative credentials inject malicious scripts into specific pages. Successful exploitation could permit unauthorized script execution in the context of the web UI, potentially granting access to sensitive browser-based information. For further details, refer to the advisory provided by Cisco.

Affected Version(s)

Cisco Application Policy Infrastructure Controller (APIC) 3.2(8d)

Cisco Application Policy Infrastructure Controller (APIC) 3.2(1m)

Cisco Application Policy Infrastructure Controller (APIC) 3.2(5e)

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
