Vulnerability in Virtual Keyboard Video Monitor Connection Handling of Cisco Products
CVE-2025-20317

7.1HIGH

Key Information:

Vendor: Cisco
Status: Cisco Unified Computing System (managed); Cisco Unified Computing System (standalone); Cisco Unified Computing System E-series Software (ucse)
Vendor: CVE Published:; 27 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-20317?

A security flaw in the handling of Virtual Keyboard Video Monitor (vKVM) connections within Cisco's Integrated Management Controller allows attackers to redirect unsuspecting users to malicious web pages. This issue arises from inadequate endpoint validation for vKVM, enabling unauthenticated remote attackers to exploit the vulnerability by crafting deceptive links. When clicked, these links can lead users to sites designed for credential capture, posing significant risks to user security and data integrity.

Affected Version(s)

Cisco Unified Computing System (Managed) 4.0(1a)

Cisco Unified Computing System (Managed) 3.2(3n)

Cisco Unified Computing System (Managed) 4.1(1a)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 27, 2025
Vulnerability published
Aug 27, 2025
Vulnerability Reserved
Oct 10, 2024