CVE-2025-20235
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-25
Assigner: Cisco Systems, Inc.
Description
Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_management_center | 6.2.3 |
| cisco | secure_firewall_management_center | 6.2.3.1 |
| cisco | secure_firewall_management_center | 6.2.3.2 |
| cisco | secure_firewall_management_center | 6.2.3.3 |
| cisco | secure_firewall_management_center | 6.2.3.4 |
| cisco | secure_firewall_management_center | 6.2.3.5 |
| cisco | secure_firewall_management_center | 6.2.3.6 |
| cisco | secure_firewall_management_center | 6.2.3.7 |
| cisco | secure_firewall_management_center | 6.2.3.8 |
| cisco | secure_firewall_management_center | 6.2.3.9 |
| cisco | secure_firewall_management_center | 6.2.3.10 |
| cisco | secure_firewall_management_center | 6.2.3.11 |
| cisco | secure_firewall_management_center | 6.2.3.12 |
| cisco | secure_firewall_management_center | 6.2.3.13 |
| cisco | secure_firewall_management_center | 6.2.3.14 |
| cisco | secure_firewall_management_center | 6.2.3.15 |
| cisco | secure_firewall_management_center | 6.2.3.16 |
| cisco | secure_firewall_management_center | 6.2.3.17 |
| cisco | secure_firewall_management_center | 6.2.3.18 |
| cisco | secure_firewall_management_center | 6.4.0 |
| cisco | secure_firewall_management_center | 6.4.0.1 |
| cisco | secure_firewall_management_center | 6.4.0.2 |
| cisco | secure_firewall_management_center | 6.4.0.3 |
| cisco | secure_firewall_management_center | 6.4.0.4 |
| cisco | secure_firewall_management_center | 6.4.0.5 |
| cisco | secure_firewall_management_center | 6.4.0.6 |
| cisco | secure_firewall_management_center | 6.4.0.7 |
| cisco | secure_firewall_management_center | 6.4.0.8 |
| cisco | secure_firewall_management_center | 6.4.0.9 |
| cisco | secure_firewall_management_center | 6.4.0.10 |
| cisco | secure_firewall_management_center | 6.4.0.11 |
| cisco | secure_firewall_management_center | 6.4.0.12 |
| cisco | secure_firewall_management_center | 6.4.0.13 |
| cisco | secure_firewall_management_center | 6.4.0.14 |
| cisco | secure_firewall_management_center | 6.4.0.15 |
| cisco | secure_firewall_management_center | 6.4.0.16 |
| cisco | secure_firewall_management_center | 6.4.0.17 |
| cisco | secure_firewall_management_center | 6.4.0.18 |
| cisco | secure_firewall_management_center | 6.6.0 |
| cisco | secure_firewall_management_center | 6.6.0.1 |
| cisco | secure_firewall_management_center | 6.6.1 |
| cisco | secure_firewall_management_center | 6.6.3 |
| cisco | secure_firewall_management_center | 6.6.4 |
| cisco | secure_firewall_management_center | 6.6.5 |
| cisco | secure_firewall_management_center | 6.6.5.1 |
| cisco | secure_firewall_management_center | 6.6.5.2 |
| cisco | secure_firewall_management_center | 6.6.7 |
| cisco | secure_firewall_management_center | 6.6.7.1 |
| cisco | secure_firewall_management_center | 6.6.7.2 |
| cisco | secure_firewall_management_center | 7.0.0 |
| cisco | secure_firewall_management_center | 7.0.0.1 |
| cisco | secure_firewall_management_center | 7.0.1 |
| cisco | secure_firewall_management_center | 7.0.1.1 |
| cisco | secure_firewall_management_center | 7.0.2 |
| cisco | secure_firewall_management_center | 7.0.2.1 |
| cisco | secure_firewall_management_center | 7.0.3 |
| cisco | secure_firewall_management_center | 7.0.4 |
| cisco | secure_firewall_management_center | 7.0.5 |
| cisco | secure_firewall_management_center | 7.0.6 |
| cisco | secure_firewall_management_center | 7.0.6.1 |
| cisco | secure_firewall_management_center | 7.0.6.2 |
| cisco | secure_firewall_management_center | 7.0.6.3 |
| cisco | secure_firewall_management_center | 7.0.7 |
| cisco | secure_firewall_management_center | 7.1.0 |
| cisco | secure_firewall_management_center | 7.1.0.1 |
| cisco | secure_firewall_management_center | 7.1.0.2 |
| cisco | secure_firewall_management_center | 7.1.0.3 |
| cisco | secure_firewall_management_center | 7.2.0 |
| cisco | secure_firewall_management_center | 7.2.0.1 |
| cisco | secure_firewall_management_center | 7.2.1 |
| cisco | secure_firewall_management_center | 7.2.2 |
| cisco | secure_firewall_management_center | 7.2.3 |
| cisco | secure_firewall_management_center | 7.2.3.1 |
| cisco | secure_firewall_management_center | 7.2.4 |
| cisco | secure_firewall_management_center | 7.2.4.1 |
| cisco | secure_firewall_management_center | 7.2.5 |
| cisco | secure_firewall_management_center | 7.2.5.1 |
| cisco | secure_firewall_management_center | 7.2.5.2 |
| cisco | secure_firewall_management_center | 7.2.6 |
| cisco | secure_firewall_management_center | 7.2.7 |
| cisco | secure_firewall_management_center | 7.2.8 |
| cisco | secure_firewall_management_center | 7.2.8.1 |
| cisco | secure_firewall_management_center | 7.2.9 |
| cisco | secure_firewall_management_center | 7.3.0 |
| cisco | secure_firewall_management_center | 7.3.1 |
| cisco | secure_firewall_management_center | 7.3.1.1 |
| cisco | secure_firewall_management_center | 7.3.1.2 |
| cisco | secure_firewall_management_center | 7.4.0 |
| cisco | secure_firewall_management_center | 7.4.1 |
| cisco | secure_firewall_management_center | 7.4.1.1 |
| cisco | secure_firewall_management_center | 7.4.2 |
| cisco | secure_firewall_management_center | 7.4.2.1 |
| cisco | secure_firewall_management_center | 7.4.2.2 |
| cisco | secure_firewall_management_center | 7.6.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. It occurs because the interface does not properly validate user-supplied input, allowing an unauthenticated remote attacker to insert malicious script code into input fields. If exploited, the attacker can execute arbitrary scripts in the context of the interface or access sensitive information stored in the browser.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary scripts within the management interface, potentially leading to unauthorized access to sensitive browser-based information. This could result in compromised user sessions, theft of credentials, or manipulation of the interface, impacting the security and integrity of the firewall management environment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70