Cross-Site Scripting Vulnerability in Cisco Expressway Series Web Interface
CVE-2025-20179

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Video Communication Server (vcs) Expressway
Vendor: CVE Published:; 5 February 2025

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the web-based management interface of the Cisco Expressway Series, allowing an unauthenticated attacker to conduct cross-site scripting (XSS) attacks. This security issue arises from improper validation of user input, enabling malicious actors to execute arbitrary scripts in the context of the interface or access sensitive information within the user's browser. To mitigate the risk, administrators should ensure that users are educated about the importance of not clicking on untrusted links and should apply security patches as they become available.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway X8.11.2

Cisco TelePresence Video Communication Server (VCS) Expressway X8.6

Cisco TelePresence Video Communication Server (VCS) Expressway X8.11.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Feb 5, 2025
Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Oct 10, 2024