Command Injection Vulnerability in Cisco Duo Self-Service Portal
CVE-2025-20258

5.4 MEDIUM

Key Information:

Vendor

Cisco

Status
Vendor
CVE Published: 21 May 2025

Badges

Exploit Exists

What is CVE-2025-20258?

A command injection vulnerability exists in the self-service portal of Cisco Duo, allowing unauthenticated remote attackers to inject arbitrary commands into emails sent by the service. This vulnerability arises from inadequate input validation, enabling attackers to create and send emails containing malicious content to unsuspecting users. Such exploitation could lead to security breaches, potentially compromising user data and trust. Organizations using Cisco Duo should ensure they address this vulnerability promptly to protect their users from potential threats.

Affected Version(s)

Cisco Duo

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
