Vulnerability in Virtual Keyboard Video Monitor Connection Handling of Cisco Products
CVE-2025-20317

7.1HIGH

Key Information:

Vendor

Cisco
Status
Cisco Unified Computing System (managed)
Cisco Unified Computing System (standalone)
Cisco Unified Computing System E-series Software (ucse)
Vendor
CVE Published:
27 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-20317?

A security flaw in the handling of Virtual Keyboard Video Monitor (vKVM) connections within Cisco's Integrated Management Controller allows attackers to redirect unsuspecting users to malicious web pages. This issue arises from inadequate endpoint validation for vKVM, enabling unauthenticated remote attackers to exploit the vulnerability by crafting deceptive links. When clicked, these links can lead users to sites designed for credential capture, posing significant risks to user security and data integrity.

Affected Version(s)

Cisco Unified Computing System (Managed) 4.0(1a)

Cisco Unified Computing System (Managed) 3.2(3n)

Cisco Unified Computing System (Managed) 4.1(1a)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-20317 : Vulnerability in Virtual Keyboard Video Monitor Connection Handling of Cisco Products