CVE-2025-20342
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-27

Last updated on: 2025-08-29

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device. Note: The affected vKVM client is also included in Cisco UCS Manager.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-27
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-20342
EUVD
EUVD-2025-25942
Affected Vendors & Products
Showing 30 associated CPEs
Vendor Product Version / Range
cisco expressway_series_appliances *
cisco prime_infrastructure_appliances *
cisco ucs_c-series_m7 *
cisco catalyst_8300_series_edge_ucpe *
cisco secure_firewall_management_center_appliances *
cisco secure_workload_servers *
cisco ucs_x-series_modular_system *
cisco ucs_e-series_m6 *
cisco hyperflex_nodes *
cisco ucs_manager *
cisco ucs_c-series_m8 *
cisco cyber_vision_center_appliances *
cisco ucs_c-series_m6 *
cisco catalyst_center_appliances *
cisco secure_malware_analytics_appliances *
cisco integrated_management_controller *
cisco telemetry_broker_appliance *
cisco iec6400_edge_compute_appliances *
cisco ios_xrv_9000_appliances *
cisco business_edition_6000 *
cisco cloud_services_platform_5000_series *
cisco nexus_dashboard_appliances *
cisco business_edition_7000 *
cisco secure_network_server_appliances *
cisco apic_servers *
cisco meeting_server_1000_appliances *
cisco connected_mobile_experiences_appliances *
cisco secure_endpoint_private_cloud_appliances *
cisco ucs_b-series_blade_servers *
cisco secure_network_analytics_appliances *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-80 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stored cross-site scripting (XSS) issue in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC). It occurs because the web-based management interface does not properly validate user-supplied input. An authenticated remote attacker with low privileges and valid vKVM access credentials can inject malicious script code into specific data fields. This malicious code can then execute in the context of the affected interface, potentially exposing sensitive browser-based information. [1]

Impact Analysis

If exploited, this vulnerability allows an attacker to execute arbitrary scripts within the web interface of the affected Cisco IMC system. This can lead to exposure of sensitive information accessible via the browser, and potentially compromise the security of the management interface. However, the attacker must have valid user credentials with vKVM access privileges to exploit this vulnerability. [1]

Detection Guidance

This vulnerability is a stored cross-site scripting (XSS) issue in the web-based management interface of Cisco IMC and related products. Detection involves verifying if your system is running a vulnerable software release and checking for unauthorized or suspicious script injections in the vKVM interface data fields. Since the vulnerability requires authenticated access with vKVM privileges, monitoring access logs for unusual activity or script injections in the interface may help. However, no specific detection commands or automated detection tools are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading affected Cisco products to the fixed software releases provided by Cisco. There are no workarounds available. Users should consult the Cisco security advisory for the specific fixed release versions applicable to their product family and apply those updates promptly. Additionally, contacting Cisco Technical Assistance Center (TAC) for support is recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart