Command Injection Vulnerability in Cisco Duo Self-Service Portal
CVE-2025-20258
5.4 MEDIUM
What is CVE-2025-20258?
A command injection vulnerability exists in the self-service portal of Cisco Duo, allowing an unauthenticated, remote attacker to inject arbitrary commands into emails sent by the service. The vulnerability arises from inadequate input validation, which lets an attacker create and send emails containing malicious content to unsuspecting users. Exploitation could lead to security breaches, potentially compromising user data and trust. Organizations using Cisco Duo should address this vulnerability promptly to protect their users from potential threats.
Affected Version(s)
Cisco Duo