HTML Injection Vulnerability in Cisco Secure Firewall Management Center Software
CVE-2025-20148
What is CVE-2025-20148?
The web-based management interface of Cisco Secure Firewall Management Center Software contains a vulnerability that allows an authenticated, remote attacker to inject arbitrary HTML into documents generated by the device. Because user-supplied data is improperly validated, an attacker with valid credentials can submit malicious content, altering the layout of official documents and potentially accessing sensitive files from the system. Exploitation could also facilitate server-side request forgery (SSRF) attacks, further compromising the security of the affected system.
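
The flaw class described above, as an added example (not Cisco's code and not from the original page): a hypothetical report template interpolates a user-supplied field, rendered without and with output encoding, and an audit flags elements the template never emits and URL attributes a server-side renderer could fetch. The template, function names and sample input are constructed assumptions.

```python
import html
from html.parser import HTMLParser

# Hypothetical report template; the product's real templates are not shown on the page.
TEMPLATE = "<html><body><h1>Device report</h1><p>Description: {desc}</p></body></html>"
TEMPLATE_TAGS = {"html", "body", "h1", "p"}    # elements the template itself emits
URL_ATTRS = {"src", "href", "data", "action"}  # attributes a renderer may dereference

def render_unsafe(desc: str) -> str:
    """Interpolates the user-supplied value as-is (the flawed pattern)."""
    return TEMPLATE.format(desc=desc)

def render_safe(desc: str) -> str:
    """Encodes the value for an HTML text context before interpolation."""
    return TEMPLATE.format(desc=html.escape(desc, quote=True))

class _Audit(HTMLParser):
    """Collects markup in a generated document that the template did not produce."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in TEMPLATE_TAGS:
            self.findings.append(("unexpected-element", tag))
        for name, value in attrs:
            # A server-side renderer that follows these URLs is where file
            # access and SSRF arise once injected markup reaches the document.
            if name in URL_ATTRS and value:
                self.findings.append(("fetchable-url", f"{tag}[{name}]={value}"))

def audit(document: str) -> list:
    parser = _Audit()
    parser.feed(document)
    parser.close()
    return parser.findings

# Constructed sample input (not taken from any advisory).
SAMPLE = 'Edge FW <img src="http://internal.example.invalid/status">'

if __name__ == "__main__":
    print("unsafe:", audit(render_unsafe(SAMPLE)))
    print("safe:  ", audit(render_safe(SAMPLE)))
```

Running the audit over generated documents in a test suite catches a field that reaches the template without encoding, independent of which input triggered it.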

Affected Version(s)
Cisco Firepower Management Center 7.2.4
Cisco Firepower Management Center 7.0.6
Cisco Firepower Management Center 7.2.4.1
References
CVSS V3.1
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved