Injection Vulnerability in Cisco Web-Based Management Interface
CVE-2025-20193
6.5MEDIUM
What is CVE-2025-20193?
A vulnerability exists in the web-based management interface of Cisco IOS XE Software, allowing an authenticated, low-privileged remote attacker to perform injection attacks. This issue stems from inadequate input validation, enabling attackers to send specially crafted input to the management interface. Successful exploitation could permit unauthorized access to read files from the underlying operating system, posing significant risks to network integrity and data security.
Affected Version(s)
Cisco IOS XE Software 17.3.1
Cisco IOS XE Software 17.3.2
Cisco IOS XE Software 17.3.3