CVE-2025-20186

HIGH EPSS 63.1%
Published May 7, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
8.8 CVSS 3.1
High

Description

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

CVSS Details

Base Score
8.8
Exploitability
2.8
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
63.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-78 OS Command Injection (category: Injection)

Affected Products 76

Vendor   Product   Version    Range
cisco    ios_xe    16.12.4    any
cisco    ios_xe    16.12.4a   any
cisco    ios_xe    16.12.5    any
cisco    ios_xe    16.12.6    any
cisco    ios_xe    16.12.6a   any
cisco    ios_xe    16.12.7    any
cisco    ios_xe    16.12.8    any
cisco    ios_xe    17.2.2     any
cisco    ios_xe    17.2.3     any
cisco    ios_xe    17.3.1     any
cisco    ios_xe    17.3.1a    any
cisco    ios_xe    17.3.2     any
cisco    ios_xe    17.3.2a    any
cisco    ios_xe    17.3.3     any
cisco    ios_xe    17.3.4     any
cisco    ios_xe    17.3.4a    any
cisco    ios_xe    17.3.4c    any
cisco    ios_xe    17.3.5     any
cisco    ios_xe    17.3.5a    any
cisco    ios_xe    17.3.5b    any
cisco    ios_xe    17.3.6     any
cisco    ios_xe    17.3.7     any
cisco    ios_xe    17.3.8     any
cisco    ios_xe    17.3.8a    any
cisco    ios_xe    17.4.1     any
cisco    ios_xe    17.4.1a    any
cisco    ios_xe    17.4.1b    any
cisco    ios_xe    17.4.2     any
cisco    ios_xe    17.5.1     any
cisco    ios_xe    17.5.1a    any
cisco    ios_xe    17.6.1     any
cisco    ios_xe    17.6.1a    any
cisco    ios_xe    17.6.1y    any
cisco    ios_xe    17.6.2     any
cisco    ios_xe    17.6.3     any
cisco    ios_xe    17.6.3a    any
cisco    ios_xe    17.6.4     any
cisco    ios_xe    17.6.5     any
cisco    ios_xe    17.6.5a    any
cisco    ios_xe    17.6.6     any
cisco    ios_xe    17.6.6a    any
cisco    ios_xe    17.6.7     any
cisco    ios_xe    17.7.1     any
cisco    ios_xe    17.7.1a    any
cisco    ios_xe    17.7.2     any
cisco    ios_xe    17.8.1     any
cisco    ios_xe    17.8.1a    any
cisco    ios_xe    17.9.1     any
cisco    ios_xe    17.9.1a    any
cisco    ios_xe    17.9.2     any
cisco    ios_xe    17.9.2a    any
cisco    ios_xe    17.9.3     any
cisco    ios_xe    17.9.3a    any
cisco    ios_xe    17.9.4     any
cisco    ios_xe    17.9.4a    any
cisco    ios_xe    17.9.5     any
cisco    ios_xe    17.9.5a    any
cisco    ios_xe    17.9.5b    any
cisco    ios_xe    17.9.5e    any
cisco    ios_xe    17.9.5f    any
cisco    ios_xe    17.10.1    any
cisco    ios_xe    17.10.1a   any
cisco    ios_xe    17.11.1    any
cisco    ios_xe    17.11.1a   any
cisco    ios_xe    17.12.1    any
cisco    ios_xe    17.12.1a   any
cisco    ios_xe    17.12.2    any
cisco    ios_xe    17.12.3    any
cisco    ios_xe    17.12.3a   any
cisco    ios_xe    17.12.4    any
cisco    ios_xe    17.12.4a   any
cisco    ios_xe    17.12.4b   any
cisco    ios_xe    17.13.1    any
cisco    ios_xe    17.13.1a   any
cisco    ios_xe    17.14.1    any
cisco    ios_xe    17.14.1a   any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.