CVE-2025-20218
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-25
Assigner: Cisco Systems, Inc.
Description
Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the affected device.
To exploit this vulnerability, the attacker must have valid administrative credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_management_center | 6.2.3 |
| cisco | secure_firewall_management_center | 6.2.3.1 |
| cisco | secure_firewall_management_center | 6.2.3.2 |
| cisco | secure_firewall_management_center | 6.2.3.3 |
| cisco | secure_firewall_management_center | 6.2.3.4 |
| cisco | secure_firewall_management_center | 6.2.3.5 |
| cisco | secure_firewall_management_center | 6.2.3.6 |
| cisco | secure_firewall_management_center | 6.2.3.7 |
| cisco | secure_firewall_management_center | 6.2.3.8 |
| cisco | secure_firewall_management_center | 6.2.3.9 |
| cisco | secure_firewall_management_center | 6.2.3.10 |
| cisco | secure_firewall_management_center | 6.2.3.11 |
| cisco | secure_firewall_management_center | 6.2.3.12 |
| cisco | secure_firewall_management_center | 6.2.3.13 |
| cisco | secure_firewall_management_center | 6.2.3.14 |
| cisco | secure_firewall_management_center | 6.2.3.15 |
| cisco | secure_firewall_management_center | 6.2.3.16 |
| cisco | secure_firewall_management_center | 6.2.3.17 |
| cisco | secure_firewall_management_center | 6.2.3.18 |
| cisco | secure_firewall_management_center | 6.4.0 |
| cisco | secure_firewall_management_center | 6.4.0.1 |
| cisco | secure_firewall_management_center | 6.4.0.2 |
| cisco | secure_firewall_management_center | 6.4.0.3 |
| cisco | secure_firewall_management_center | 6.4.0.4 |
| cisco | secure_firewall_management_center | 6.4.0.5 |
| cisco | secure_firewall_management_center | 6.4.0.6 |
| cisco | secure_firewall_management_center | 6.4.0.7 |
| cisco | secure_firewall_management_center | 6.4.0.8 |
| cisco | secure_firewall_management_center | 6.4.0.9 |
| cisco | secure_firewall_management_center | 6.4.0.10 |
| cisco | secure_firewall_management_center | 6.4.0.11 |
| cisco | secure_firewall_management_center | 6.4.0.12 |
| cisco | secure_firewall_management_center | 6.4.0.13 |
| cisco | secure_firewall_management_center | 6.4.0.14 |
| cisco | secure_firewall_management_center | 6.4.0.15 |
| cisco | secure_firewall_management_center | 6.4.0.16 |
| cisco | secure_firewall_management_center | 6.4.0.17 |
| cisco | secure_firewall_management_center | 6.4.0.18 |
| cisco | secure_firewall_management_center | 6.6.0 |
| cisco | secure_firewall_management_center | 6.6.0.1 |
| cisco | secure_firewall_management_center | 6.6.1 |
| cisco | secure_firewall_management_center | 6.6.3 |
| cisco | secure_firewall_management_center | 6.6.4 |
| cisco | secure_firewall_management_center | 6.6.5 |
| cisco | secure_firewall_management_center | 6.6.5.1 |
| cisco | secure_firewall_management_center | 6.6.5.2 |
| cisco | secure_firewall_management_center | 6.6.7 |
| cisco | secure_firewall_management_center | 6.6.7.1 |
| cisco | secure_firewall_management_center | 6.6.7.2 |
| cisco | secure_firewall_management_center | 7.0.0 |
| cisco | secure_firewall_management_center | 7.0.0.1 |
| cisco | secure_firewall_management_center | 7.0.1 |
| cisco | secure_firewall_management_center | 7.0.1.1 |
| cisco | secure_firewall_management_center | 7.0.2 |
| cisco | secure_firewall_management_center | 7.0.2.1 |
| cisco | secure_firewall_management_center | 7.0.3 |
| cisco | secure_firewall_management_center | 7.0.4 |
| cisco | secure_firewall_management_center | 7.0.5 |
| cisco | secure_firewall_management_center | 7.0.6 |
| cisco | secure_firewall_management_center | 7.0.6.1 |
| cisco | secure_firewall_management_center | 7.0.6.2 |
| cisco | secure_firewall_management_center | 7.0.6.3 |
| cisco | secure_firewall_management_center | 7.2.0 |
| cisco | secure_firewall_management_center | 7.2.0.1 |
| cisco | secure_firewall_management_center | 7.2.1 |
| cisco | secure_firewall_management_center | 7.2.2 |
| cisco | secure_firewall_management_center | 7.2.3 |
| cisco | secure_firewall_management_center | 7.2.3.1 |
| cisco | secure_firewall_management_center | 7.2.4 |
| cisco | secure_firewall_management_center | 7.2.4.1 |
| cisco | secure_firewall_management_center | 7.2.5 |
| cisco | secure_firewall_management_center | 7.2.5.1 |
| cisco | secure_firewall_management_center | 7.2.5.2 |
| cisco | secure_firewall_management_center | 7.2.6 |
| cisco | secure_firewall_management_center | 7.2.7 |
| cisco | secure_firewall_management_center | 7.2.8 |
| cisco | secure_firewall_management_center | 7.2.8.1 |
| cisco | secure_firewall_management_center | 7.2.9 |
| cisco | secure_firewall_management_center | 7.3.0 |
| cisco | secure_firewall_management_center | 7.3.1 |
| cisco | secure_firewall_management_center | 7.3.1.1 |
| cisco | secure_firewall_management_center | 7.3.1.2 |
| cisco | secure_firewall_management_center | 7.4.0 |
| cisco | secure_firewall_management_center | 7.4.1 |
| cisco | secure_firewall_management_center | 7.4.1.1 |
| cisco | secure_firewall_management_center | 7.4.2 |
| cisco | secure_firewall_management_center | 7.4.2.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-643 | The product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. It allows an authenticated remote attacker, who has valid administrative credentials, to send a specially crafted request that exploits insufficient input validation. This can lead to the attacker retrieving sensitive information from the affected device.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with administrative access to retrieve sensitive information from the affected device. This could lead to unauthorized disclosure of confidential data, potentially compromising the security of the network and systems managed by the Cisco Secure Firewall Management Center.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that only trusted administrators have valid administrative credentials to access the web-based management interface. Limit access to the management interface to trusted networks and consider monitoring for unusual requests to the interface. Applying any available patches or updates from Cisco when released is also recommended.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70