CVE-2025-20338

Severity: Medium · CVSS 3.1: 6.7 · EPSS 4.6%
Published Sep 24, 2025 · Last Modified Jun 17, 2026

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.

CVSS Details

Base Score 6.7
Exploitability 0.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-141

Affected Products 374

Vendor Product Version Range
cisco ios_xe 3.5.0e any
cisco ios_xe 3.5.0sq any
cisco ios_xe 3.5.1e any
cisco ios_xe 3.5.1sq any
cisco ios_xe 3.5.2e any
cisco ios_xe 3.5.2sq any
cisco ios_xe 3.5.3e any
cisco ios_xe 3.5.3sq any
cisco ios_xe 3.5.4sq any
cisco ios_xe 3.5.5sq any
cisco ios_xe 3.5.6sq any
cisco ios_xe 3.5.7sq any
cisco ios_xe 3.5.8sq any
cisco ios_xe 3.6.0e any
cisco ios_xe 3.6.1e any
cisco ios_xe 3.6.2ae any
cisco ios_xe 3.6.2e any
cisco ios_xe 3.6.3e any
cisco ios_xe 3.6.4e any
cisco ios_xe 3.6.5ae any
cisco ios_xe 3.6.5e any
cisco ios_xe 3.6.6e any
cisco ios_xe 3.6.7be any
cisco ios_xe 3.6.7e any
cisco ios_xe 3.6.8e any
cisco ios_xe 3.6.9e any
cisco ios_xe 3.6.10e any
cisco ios_xe 3.7.0e any
cisco ios_xe 3.7.1e any
cisco ios_xe 3.7.2e any
cisco ios_xe 3.7.3e any
cisco ios_xe 3.7.4e any
cisco ios_xe 3.7.5e any
cisco ios_xe 3.8.0e any
cisco ios_xe 3.8.1e any
cisco ios_xe 3.8.2e any
cisco ios_xe 3.8.3e any
cisco ios_xe 3.8.4e any
cisco ios_xe 3.8.5ae any
cisco ios_xe 3.8.5e any
cisco ios_xe 3.8.6e any
cisco ios_xe 3.8.7e any
cisco ios_xe 3.8.8e any
cisco ios_xe 3.8.9e any
cisco ios_xe 3.8.10e any
cisco ios_xe 3.8.10ee any
cisco ios_xe 3.9.0e any
cisco ios_xe 3.9.1e any
cisco ios_xe 3.9.2e any
cisco ios_xe 3.10.0ce any
cisco ios_xe 3.10.0e any
cisco ios_xe 3.10.1e any
cisco ios_xe 3.10.2e any
cisco ios_xe 3.10.3e any
cisco ios_xe 3.11.0e any
cisco ios_xe 3.11.0s any
cisco ios_xe 3.11.1ae any
cisco ios_xe 3.11.1e any
cisco ios_xe 3.11.1s any
cisco ios_xe 3.11.2e any
cisco ios_xe 3.11.2s any
cisco ios_xe 3.11.3ae any
cisco ios_xe 3.11.3e any
cisco ios_xe 3.11.3s any
cisco ios_xe 3.11.4e any
cisco ios_xe 3.11.4s any
cisco ios_xe 3.11.5e any
cisco ios_xe 3.11.6e any
cisco ios_xe 3.11.7e any
cisco ios_xe 3.11.8e any
cisco ios_xe 3.11.9e any
cisco ios_xe 3.11.10e any
cisco ios_xe 3.11.11e any
cisco ios_xe 3.11.12e any
cisco ios_xe 3.12.0as any
cisco ios_xe 3.12.0s any
cisco ios_xe 3.12.1s any
cisco ios_xe 3.12.2s any
cisco ios_xe 3.12.3s any
cisco ios_xe 3.12.4s any
cisco ios_xe 3.13.0as any
cisco ios_xe 3.13.0s any
cisco ios_xe 3.13.1s any
cisco ios_xe 3.13.2as any
cisco ios_xe 3.13.2s any
cisco ios_xe 3.13.3s any
cisco ios_xe 3.13.4s any
cisco ios_xe 3.13.5as any
cisco ios_xe 3.13.5s any
cisco ios_xe 3.13.6as any
cisco ios_xe 3.13.6s any
cisco ios_xe 3.13.7as any
cisco ios_xe 3.13.7s any
cisco ios_xe 3.13.8s any
cisco ios_xe 3.13.9s any
cisco ios_xe 3.13.10s any
cisco ios_xe 3.14.0s any
cisco ios_xe 3.14.1s any
cisco ios_xe 3.14.2s any
cisco ios_xe 3.14.3s any
cisco ios_xe 3.14.4s any
cisco ios_xe 3.15.0s any
cisco ios_xe 3.15.1cs any
cisco ios_xe 3.15.1s any
cisco ios_xe 3.15.2s any
cisco ios_xe 3.15.3s any
cisco ios_xe 3.15.4s any
cisco ios_xe 3.16.0cs any
cisco ios_xe 3.16.0s any
cisco ios_xe 3.16.1as any
cisco ios_xe 3.16.1s any
cisco ios_xe 3.16.2as any
cisco ios_xe 3.16.2bs any
cisco ios_xe 3.16.2s any
cisco ios_xe 3.16.3as any
cisco ios_xe 3.16.3s any
cisco ios_xe 3.16.4as any
cisco ios_xe 3.16.4bs any
cisco ios_xe 3.16.4ds any
cisco ios_xe 3.16.4s any
cisco ios_xe 3.16.5s any
cisco ios_xe 3.16.6bs any
cisco ios_xe 3.16.6s any
cisco ios_xe 3.16.7as any
cisco ios_xe 3.16.7bs any
cisco ios_xe 3.16.7s any
cisco ios_xe 3.16.8s any
cisco ios_xe 3.16.9s any
cisco ios_xe 3.16.10s any
cisco ios_xe 3.17.0s any
cisco ios_xe 3.17.1as any
cisco ios_xe 3.17.1s any
cisco ios_xe 3.17.2s any
cisco ios_xe 3.17.3s any
cisco ios_xe 3.17.4s any
cisco ios_xe 3.18.0as any
cisco ios_xe 3.18.0s any
cisco ios_xe 3.18.0sp any
cisco ios_xe 3.18.1asp any
cisco ios_xe 3.18.1bsp any
cisco ios_xe 3.18.1csp any
cisco ios_xe 3.18.1s any
cisco ios_xe 3.18.1sp any
cisco ios_xe 3.18.2asp any
cisco ios_xe 3.18.2s any
cisco ios_xe 3.18.2sp any
cisco ios_xe 3.18.3asp any
cisco ios_xe 3.18.3bsp any
cisco ios_xe 3.18.3s any
cisco ios_xe 3.18.3sp any
cisco ios_xe 3.18.4s any
cisco ios_xe 3.18.4sp any
cisco ios_xe 3.18.5sp any
cisco ios_xe 3.18.6sp any
cisco ios_xe 3.18.7sp any
cisco ios_xe 3.18.8asp any
cisco ios_xe 3.18.9sp any
cisco ios_xe 16.6.1 any
cisco ios_xe 16.6.2 any
cisco ios_xe 16.6.3 any
cisco ios_xe 16.6.4 any
cisco ios_xe 16.6.4a any
cisco ios_xe 16.6.5 any
cisco ios_xe 16.6.5a any
cisco ios_xe 16.6.6 any
cisco ios_xe 16.6.7 any
cisco ios_xe 16.6.8 any
cisco ios_xe 16.6.9 any
cisco ios_xe 16.6.10 any
cisco ios_xe 16.7.1 any
cisco ios_xe 16.7.1a any
cisco ios_xe 16.7.1b any
cisco ios_xe 16.7.2 any
cisco ios_xe 16.7.3 any
cisco ios_xe 16.7.4 any
cisco ios_xe 16.8.1 any
cisco ios_xe 16.8.1a any
cisco ios_xe 16.8.1b any
cisco ios_xe 16.8.1c any
cisco ios_xe 16.8.1d any
cisco ios_xe 16.8.1e any
cisco ios_xe 16.8.1s any
cisco ios_xe 16.8.2 any
cisco ios_xe 16.8.3 any
cisco ios_xe 16.9.1 any
cisco ios_xe 16.9.1a any
cisco ios_xe 16.9.1b any
cisco ios_xe 16.9.1s any
cisco ios_xe 16.9.2 any
cisco ios_xe 16.9.3 any
cisco ios_xe 16.9.3a any
cisco ios_xe 16.9.4 any
cisco ios_xe 16.9.5 any
cisco ios_xe 16.9.5f any
cisco ios_xe 16.9.6 any
cisco ios_xe 16.9.7 any
cisco ios_xe 16.9.8 any
cisco ios_xe 16.10.1 any
cisco ios_xe 16.10.1a any
cisco ios_xe 16.10.1b any
cisco ios_xe 16.10.1c any
cisco ios_xe 16.10.1d any
cisco ios_xe 16.10.1e any
cisco ios_xe 16.10.1f any
cisco ios_xe 16.10.1g any
cisco ios_xe 16.10.1s any
cisco ios_xe 16.10.2 any
cisco ios_xe 16.10.3 any
cisco ios_xe 16.11.1 any
cisco ios_xe 16.11.1a any
cisco ios_xe 16.11.1b any
cisco ios_xe 16.11.1s any
cisco ios_xe 16.11.2 any
cisco ios_xe 16.12.1 any
cisco ios_xe 16.12.1a any
cisco ios_xe 16.12.1c any
cisco ios_xe 16.12.1s any
cisco ios_xe 16.12.1t any
cisco ios_xe 16.12.1w any
cisco ios_xe 16.12.1x any
cisco ios_xe 16.12.1y any
cisco ios_xe 16.12.1z1 any
cisco ios_xe 16.12.1z2 any
cisco ios_xe 16.12.2 any
cisco ios_xe 16.12.2a any
cisco ios_xe 16.12.2s any
cisco ios_xe 16.12.3 any
cisco ios_xe 16.12.3a any
cisco ios_xe 16.12.3s any
cisco ios_xe 16.12.4 any
cisco ios_xe 16.12.4a any
cisco ios_xe 16.12.5 any
cisco ios_xe 16.12.5a any
cisco ios_xe 16.12.5b any
cisco ios_xe 16.12.6 any
cisco ios_xe 16.12.6a any
cisco ios_xe 16.12.7 any
cisco ios_xe 16.12.8 any
cisco ios_xe 16.12.9 any
cisco ios_xe 16.12.10 any
cisco ios_xe 16.12.10a any
cisco ios_xe 16.12.11 any
cisco ios_xe 16.12.12 any
cisco ios_xe 16.12.13 any
cisco ios_xe 17.1.1 any
cisco ios_xe 17.1.1a any
cisco ios_xe 17.1.1s any
cisco ios_xe 17.1.1t any
cisco ios_xe 17.1.3 any
cisco ios_xe 17.2.1 any
cisco ios_xe 17.2.1a any
cisco ios_xe 17.2.1r any
cisco ios_xe 17.2.1v any
cisco ios_xe 17.2.2 any
cisco ios_xe 17.2.3 any
cisco ios_xe 17.3.1 any
cisco ios_xe 17.3.1a any
cisco ios_xe 17.3.1w any
cisco ios_xe 17.3.1x any
cisco ios_xe 17.3.1z any
cisco ios_xe 17.3.2 any
cisco ios_xe 17.3.2a any
cisco ios_xe 17.3.3 any
cisco ios_xe 17.3.4 any
cisco ios_xe 17.3.4a any
cisco ios_xe 17.3.4b any
cisco ios_xe 17.3.4c any
cisco ios_xe 17.3.5 any
cisco ios_xe 17.3.5a any
cisco ios_xe 17.3.5b any
cisco ios_xe 17.3.6 any
cisco ios_xe 17.3.7 any
cisco ios_xe 17.3.8 any
cisco ios_xe 17.3.8a any
cisco ios_xe 17.4.1 any
cisco ios_xe 17.4.1a any
cisco ios_xe 17.4.1b any
cisco ios_xe 17.4.2 any
cisco ios_xe 17.4.2a any
cisco ios_xe 17.5.1 any
cisco ios_xe 17.5.1a any
cisco ios_xe 17.6.1 any
cisco ios_xe 17.6.1a any
cisco ios_xe 17.6.1w any
cisco ios_xe 17.6.1x any
cisco ios_xe 17.6.1y any
cisco ios_xe 17.6.1z any
cisco ios_xe 17.6.1z1 any
cisco ios_xe 17.6.2 any
cisco ios_xe 17.6.3 any
cisco ios_xe 17.6.3a any
cisco ios_xe 17.6.4 any
cisco ios_xe 17.6.5 any
cisco ios_xe 17.6.5a any
cisco ios_xe 17.6.6 any
cisco ios_xe 17.6.6a any
cisco ios_xe 17.6.7 any
cisco ios_xe 17.6.8 any
cisco ios_xe 17.6.8a any
cisco ios_xe 17.7.1 any
cisco ios_xe 17.7.1a any
cisco ios_xe 17.7.1b any
cisco ios_xe 17.7.2 any
cisco ios_xe 17.8.1 any
cisco ios_xe 17.8.1a any
cisco ios_xe 17.9.1 any
cisco ios_xe 17.9.1a any
cisco ios_xe 17.9.1w any
cisco ios_xe 17.9.1x any
cisco ios_xe 17.9.1x1 any
cisco ios_xe 17.9.1y any
cisco ios_xe 17.9.1y1 any
cisco ios_xe 17.9.2 any
cisco ios_xe 17.9.2a any
cisco ios_xe 17.9.3 any
cisco ios_xe 17.9.3a any
cisco ios_xe 17.9.4 any
cisco ios_xe 17.9.4a any
cisco ios_xe 17.9.5 any
cisco ios_xe 17.9.5a any
cisco ios_xe 17.9.5b any
cisco ios_xe 17.9.5e any
cisco ios_xe 17.9.5f any
cisco ios_xe 17.9.6 any
cisco ios_xe 17.9.6a any
cisco ios_xe 17.9.7 any
cisco ios_xe 17.9.7a any
cisco ios_xe 17.9.7b any
cisco ios_xe 17.10.1 any
cisco ios_xe 17.10.1a any
cisco ios_xe 17.10.1b any
cisco ios_xe 17.11.1 any
cisco ios_xe 17.11.1a any
cisco ios_xe 17.12.1 any
cisco ios_xe 17.12.1a any
cisco ios_xe 17.12.1w any
cisco ios_xe 17.12.1x any
cisco ios_xe 17.12.1y any
cisco ios_xe 17.12.1z any
cisco ios_xe 17.12.1z1 any
cisco ios_xe 17.12.1z2 any
cisco ios_xe 17.12.1z3 any
cisco ios_xe 17.12.1z4 any
cisco ios_xe 17.12.2 any
cisco ios_xe 17.12.2a any
cisco ios_xe 17.12.3 any
cisco ios_xe 17.12.3a any
cisco ios_xe 17.12.4 any
cisco ios_xe 17.12.4a any
cisco ios_xe 17.12.4b any
cisco ios_xe 17.12.5 any
cisco ios_xe 17.12.5a any
cisco ios_xe 17.12.5b any
cisco ios_xe 17.12.5c any
cisco ios_xe 17.13.1 any
cisco ios_xe 17.13.1a any
cisco ios_xe 17.14.1 any
cisco ios_xe 17.14.1a any
cisco ios_xe 17.15.1 any
cisco ios_xe 17.15.1a any
cisco ios_xe 17.15.1b any
cisco ios_xe 17.15.1w any
cisco ios_xe 17.15.1x any
cisco ios_xe 17.15.1y any
cisco ios_xe 17.15.1z any
cisco ios_xe 17.15.2 any
cisco ios_xe 17.15.2a any
cisco ios_xe 17.15.2b any
cisco ios_xe 17.15.2c any
cisco ios_xe 17.15.3 any
cisco ios_xe 17.15.3a any
cisco ios_xe 17.15.3b any
cisco ios_xe 17.16.1 any
cisco ios_xe 17.16.1a any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.