Privilege Escalation Vulnerability in Cisco Industrial Ethernet Switch Device Manager
CVE-2025-20164
8.3 HIGH
What is CVE-2025-20164?
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager of Cisco IOS Software could allow an authenticated, remote attacker to elevate their privileges. The flaw is due to insufficient authorization checks on users. An attacker with valid credentials could exploit it by sending a crafted HTTP request to an affected device; a successful exploit could grant the attacker privilege level 15, the highest privilege level. Read-only users are assigned privilege level 5, so the flaw makes robust authorization checks and careful credential management essential.
Affected Version(s)
IOS 15.0(2)SE8
IOS 15.0(2)EA
IOS 15.0(2)EA1