CVE-2025-20338
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-11-14
Assigner: Cisco Systems, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xe | 3.5.0e |
| cisco | ios_xe | 3.5.0sq |
| cisco | ios_xe | 3.5.1e |
| cisco | ios_xe | 3.5.1sq |
| cisco | ios_xe | 3.5.2e |
| cisco | ios_xe | 3.5.2sq |
| cisco | ios_xe | 3.5.3e |
| cisco | ios_xe | 3.5.3sq |
| cisco | ios_xe | 3.5.4sq |
| cisco | ios_xe | 3.5.5sq |
| cisco | ios_xe | 3.5.6sq |
| cisco | ios_xe | 3.5.7sq |
| cisco | ios_xe | 3.5.8sq |
| cisco | ios_xe | 3.6.0e |
| cisco | ios_xe | 3.6.1e |
| cisco | ios_xe | 3.6.2ae |
| cisco | ios_xe | 3.6.2e |
| cisco | ios_xe | 3.6.3e |
| cisco | ios_xe | 3.6.4e |
| cisco | ios_xe | 3.6.5ae |
| cisco | ios_xe | 3.6.5e |
| cisco | ios_xe | 3.6.6e |
| cisco | ios_xe | 3.6.7be |
| cisco | ios_xe | 3.6.7e |
| cisco | ios_xe | 3.6.8e |
| cisco | ios_xe | 3.6.9e |
| cisco | ios_xe | 3.6.10e |
| cisco | ios_xe | 3.7.0e |
| cisco | ios_xe | 3.7.1e |
| cisco | ios_xe | 3.7.2e |
| cisco | ios_xe | 3.7.3e |
| cisco | ios_xe | 3.7.4e |
| cisco | ios_xe | 3.7.5e |
| cisco | ios_xe | 3.8.0e |
| cisco | ios_xe | 3.8.1e |
| cisco | ios_xe | 3.8.2e |
| cisco | ios_xe | 3.8.3e |
| cisco | ios_xe | 3.8.4e |
| cisco | ios_xe | 3.8.5ae |
| cisco | ios_xe | 3.8.5e |
| cisco | ios_xe | 3.8.6e |
| cisco | ios_xe | 3.8.7e |
| cisco | ios_xe | 3.8.8e |
| cisco | ios_xe | 3.8.9e |
| cisco | ios_xe | 3.8.10e |
| cisco | ios_xe | 3.8.10ee |
| cisco | ios_xe | 3.9.0e |
| cisco | ios_xe | 3.9.1e |
| cisco | ios_xe | 3.9.2e |
| cisco | ios_xe | 3.10.0ce |
| cisco | ios_xe | 3.10.0e |
| cisco | ios_xe | 3.10.1e |
| cisco | ios_xe | 3.10.2e |
| cisco | ios_xe | 3.10.3e |
| cisco | ios_xe | 3.11.0e |
| cisco | ios_xe | 3.11.0s |
| cisco | ios_xe | 3.11.1ae |
| cisco | ios_xe | 3.11.1e |
| cisco | ios_xe | 3.11.1s |
| cisco | ios_xe | 3.11.2e |
| cisco | ios_xe | 3.11.2s |
| cisco | ios_xe | 3.11.3ae |
| cisco | ios_xe | 3.11.3e |
| cisco | ios_xe | 3.11.3s |
| cisco | ios_xe | 3.11.4e |
| cisco | ios_xe | 3.11.4s |
| cisco | ios_xe | 3.11.5e |
| cisco | ios_xe | 3.11.6e |
| cisco | ios_xe | 3.11.7e |
| cisco | ios_xe | 3.11.8e |
| cisco | ios_xe | 3.11.9e |
| cisco | ios_xe | 3.11.10e |
| cisco | ios_xe | 3.11.11e |
| cisco | ios_xe | 3.11.12e |
| cisco | ios_xe | 3.12.0as |
| cisco | ios_xe | 3.12.0s |
| cisco | ios_xe | 3.12.1s |
| cisco | ios_xe | 3.12.2s |
| cisco | ios_xe | 3.12.3s |
| cisco | ios_xe | 3.12.4s |
| cisco | ios_xe | 3.13.0as |
| cisco | ios_xe | 3.13.0s |
| cisco | ios_xe | 3.13.1s |
| cisco | ios_xe | 3.13.2as |
| cisco | ios_xe | 3.13.2s |
| cisco | ios_xe | 3.13.3s |
| cisco | ios_xe | 3.13.4s |
| cisco | ios_xe | 3.13.5as |
| cisco | ios_xe | 3.13.5s |
| cisco | ios_xe | 3.13.6as |
| cisco | ios_xe | 3.13.6s |
| cisco | ios_xe | 3.13.7as |
| cisco | ios_xe | 3.13.7s |
| cisco | ios_xe | 3.13.8s |
| cisco | ios_xe | 3.13.9s |
| cisco | ios_xe | 3.13.10s |
| cisco | ios_xe | 3.14.0s |
| cisco | ios_xe | 3.14.1s |
| cisco | ios_xe | 3.14.2s |
| cisco | ios_xe | 3.14.3s |
| cisco | ios_xe | 3.14.4s |
| cisco | ios_xe | 3.15.0s |
| cisco | ios_xe | 3.15.1cs |
| cisco | ios_xe | 3.15.1s |
| cisco | ios_xe | 3.15.2s |
| cisco | ios_xe | 3.15.3s |
| cisco | ios_xe | 3.15.4s |
| cisco | ios_xe | 3.16.0cs |
| cisco | ios_xe | 3.16.0s |
| cisco | ios_xe | 3.16.1as |
| cisco | ios_xe | 3.16.1s |
| cisco | ios_xe | 3.16.2as |
| cisco | ios_xe | 3.16.2bs |
| cisco | ios_xe | 3.16.2s |
| cisco | ios_xe | 3.16.3as |
| cisco | ios_xe | 3.16.3s |
| cisco | ios_xe | 3.16.4as |
| cisco | ios_xe | 3.16.4bs |
| cisco | ios_xe | 3.16.4ds |
| cisco | ios_xe | 3.16.4s |
| cisco | ios_xe | 3.16.5s |
| cisco | ios_xe | 3.16.6bs |
| cisco | ios_xe | 3.16.6s |
| cisco | ios_xe | 3.16.7as |
| cisco | ios_xe | 3.16.7bs |
| cisco | ios_xe | 3.16.7s |
| cisco | ios_xe | 3.16.8s |
| cisco | ios_xe | 3.16.9s |
| cisco | ios_xe | 3.16.10s |
| cisco | ios_xe | 3.17.0s |
| cisco | ios_xe | 3.17.1as |
| cisco | ios_xe | 3.17.1s |
| cisco | ios_xe | 3.17.2s |
| cisco | ios_xe | 3.17.3s |
| cisco | ios_xe | 3.17.4s |
| cisco | ios_xe | 3.18.0as |
| cisco | ios_xe | 3.18.0s |
| cisco | ios_xe | 3.18.0sp |
| cisco | ios_xe | 3.18.1asp |
| cisco | ios_xe | 3.18.1bsp |
| cisco | ios_xe | 3.18.1csp |
| cisco | ios_xe | 3.18.1s |
| cisco | ios_xe | 3.18.1sp |
| cisco | ios_xe | 3.18.2asp |
| cisco | ios_xe | 3.18.2s |
| cisco | ios_xe | 3.18.2sp |
| cisco | ios_xe | 3.18.3asp |
| cisco | ios_xe | 3.18.3bsp |
| cisco | ios_xe | 3.18.3s |
| cisco | ios_xe | 3.18.3sp |
| cisco | ios_xe | 3.18.4s |
| cisco | ios_xe | 3.18.4sp |
| cisco | ios_xe | 3.18.5sp |
| cisco | ios_xe | 3.18.6sp |
| cisco | ios_xe | 3.18.7sp |
| cisco | ios_xe | 3.18.8asp |
| cisco | ios_xe | 3.18.9sp |
| cisco | ios_xe | 16.6.1 |
| cisco | ios_xe | 16.6.2 |
| cisco | ios_xe | 16.6.3 |
| cisco | ios_xe | 16.6.4 |
| cisco | ios_xe | 16.6.4a |
| cisco | ios_xe | 16.6.5 |
| cisco | ios_xe | 16.6.5a |
| cisco | ios_xe | 16.6.6 |
| cisco | ios_xe | 16.6.7 |
| cisco | ios_xe | 16.6.8 |
| cisco | ios_xe | 16.6.9 |
| cisco | ios_xe | 16.6.10 |
| cisco | ios_xe | 16.7.1 |
| cisco | ios_xe | 16.7.1a |
| cisco | ios_xe | 16.7.1b |
| cisco | ios_xe | 16.7.2 |
| cisco | ios_xe | 16.7.3 |
| cisco | ios_xe | 16.7.4 |
| cisco | ios_xe | 16.8.1 |
| cisco | ios_xe | 16.8.1a |
| cisco | ios_xe | 16.8.1b |
| cisco | ios_xe | 16.8.1c |
| cisco | ios_xe | 16.8.1d |
| cisco | ios_xe | 16.8.1e |
| cisco | ios_xe | 16.8.1s |
| cisco | ios_xe | 16.8.2 |
| cisco | ios_xe | 16.8.3 |
| cisco | ios_xe | 16.9.1 |
| cisco | ios_xe | 16.9.1a |
| cisco | ios_xe | 16.9.1b |
| cisco | ios_xe | 16.9.1s |
| cisco | ios_xe | 16.9.2 |
| cisco | ios_xe | 16.9.3 |
| cisco | ios_xe | 16.9.3a |
| cisco | ios_xe | 16.9.4 |
| cisco | ios_xe | 16.9.5 |
| cisco | ios_xe | 16.9.5f |
| cisco | ios_xe | 16.9.6 |
| cisco | ios_xe | 16.9.7 |
| cisco | ios_xe | 16.9.8 |
| cisco | ios_xe | 16.10.1 |
| cisco | ios_xe | 16.10.1a |
| cisco | ios_xe | 16.10.1b |
| cisco | ios_xe | 16.10.1c |
| cisco | ios_xe | 16.10.1d |
| cisco | ios_xe | 16.10.1e |
| cisco | ios_xe | 16.10.1f |
| cisco | ios_xe | 16.10.1g |
| cisco | ios_xe | 16.10.1s |
| cisco | ios_xe | 16.10.2 |
| cisco | ios_xe | 16.10.3 |
| cisco | ios_xe | 16.11.1 |
| cisco | ios_xe | 16.11.1a |
| cisco | ios_xe | 16.11.1b |
| cisco | ios_xe | 16.11.1s |
| cisco | ios_xe | 16.11.2 |
| cisco | ios_xe | 16.12.1 |
| cisco | ios_xe | 16.12.1a |
| cisco | ios_xe | 16.12.1c |
| cisco | ios_xe | 16.12.1s |
| cisco | ios_xe | 16.12.1t |
| cisco | ios_xe | 16.12.1w |
| cisco | ios_xe | 16.12.1x |
| cisco | ios_xe | 16.12.1y |
| cisco | ios_xe | 16.12.1z1 |
| cisco | ios_xe | 16.12.1z2 |
| cisco | ios_xe | 16.12.2 |
| cisco | ios_xe | 16.12.2a |
| cisco | ios_xe | 16.12.2s |
| cisco | ios_xe | 16.12.3 |
| cisco | ios_xe | 16.12.3a |
| cisco | ios_xe | 16.12.3s |
| cisco | ios_xe | 16.12.4 |
| cisco | ios_xe | 16.12.4a |
| cisco | ios_xe | 16.12.5 |
| cisco | ios_xe | 16.12.5a |
| cisco | ios_xe | 16.12.5b |
| cisco | ios_xe | 16.12.6 |
| cisco | ios_xe | 16.12.6a |
| cisco | ios_xe | 16.12.7 |
| cisco | ios_xe | 16.12.8 |
| cisco | ios_xe | 16.12.9 |
| cisco | ios_xe | 16.12.10 |
| cisco | ios_xe | 16.12.10a |
| cisco | ios_xe | 16.12.11 |
| cisco | ios_xe | 16.12.12 |
| cisco | ios_xe | 16.12.13 |
| cisco | ios_xe | 17.1.1 |
| cisco | ios_xe | 17.1.1a |
| cisco | ios_xe | 17.1.1s |
| cisco | ios_xe | 17.1.1t |
| cisco | ios_xe | 17.1.3 |
| cisco | ios_xe | 17.2.1 |
| cisco | ios_xe | 17.2.1a |
| cisco | ios_xe | 17.2.1r |
| cisco | ios_xe | 17.2.1v |
| cisco | ios_xe | 17.2.2 |
| cisco | ios_xe | 17.2.3 |
| cisco | ios_xe | 17.3.1 |
| cisco | ios_xe | 17.3.1a |
| cisco | ios_xe | 17.3.1w |
| cisco | ios_xe | 17.3.1x |
| cisco | ios_xe | 17.3.1z |
| cisco | ios_xe | 17.3.2 |
| cisco | ios_xe | 17.3.2a |
| cisco | ios_xe | 17.3.3 |
| cisco | ios_xe | 17.3.4 |
| cisco | ios_xe | 17.3.4a |
| cisco | ios_xe | 17.3.4b |
| cisco | ios_xe | 17.3.4c |
| cisco | ios_xe | 17.3.5 |
| cisco | ios_xe | 17.3.5a |
| cisco | ios_xe | 17.3.5b |
| cisco | ios_xe | 17.3.6 |
| cisco | ios_xe | 17.3.7 |
| cisco | ios_xe | 17.3.8 |
| cisco | ios_xe | 17.3.8a |
| cisco | ios_xe | 17.4.1 |
| cisco | ios_xe | 17.4.1a |
| cisco | ios_xe | 17.4.1b |
| cisco | ios_xe | 17.4.2 |
| cisco | ios_xe | 17.4.2a |
| cisco | ios_xe | 17.5.1 |
| cisco | ios_xe | 17.5.1a |
| cisco | ios_xe | 17.6.1 |
| cisco | ios_xe | 17.6.1a |
| cisco | ios_xe | 17.6.1w |
| cisco | ios_xe | 17.6.1x |
| cisco | ios_xe | 17.6.1y |
| cisco | ios_xe | 17.6.1z |
| cisco | ios_xe | 17.6.1z1 |
| cisco | ios_xe | 17.6.2 |
| cisco | ios_xe | 17.6.3 |
| cisco | ios_xe | 17.6.3a |
| cisco | ios_xe | 17.6.4 |
| cisco | ios_xe | 17.6.5 |
| cisco | ios_xe | 17.6.5a |
| cisco | ios_xe | 17.6.6 |
| cisco | ios_xe | 17.6.6a |
| cisco | ios_xe | 17.6.7 |
| cisco | ios_xe | 17.6.8 |
| cisco | ios_xe | 17.6.8a |
| cisco | ios_xe | 17.7.1 |
| cisco | ios_xe | 17.7.1a |
| cisco | ios_xe | 17.7.1b |
| cisco | ios_xe | 17.7.2 |
| cisco | ios_xe | 17.8.1 |
| cisco | ios_xe | 17.8.1a |
| cisco | ios_xe | 17.9.1 |
| cisco | ios_xe | 17.9.1a |
| cisco | ios_xe | 17.9.1w |
| cisco | ios_xe | 17.9.1x |
| cisco | ios_xe | 17.9.1x1 |
| cisco | ios_xe | 17.9.1y |
| cisco | ios_xe | 17.9.1y1 |
| cisco | ios_xe | 17.9.2 |
| cisco | ios_xe | 17.9.2a |
| cisco | ios_xe | 17.9.3 |
| cisco | ios_xe | 17.9.3a |
| cisco | ios_xe | 17.9.4 |
| cisco | ios_xe | 17.9.4a |
| cisco | ios_xe | 17.9.5 |
| cisco | ios_xe | 17.9.5a |
| cisco | ios_xe | 17.9.5b |
| cisco | ios_xe | 17.9.5e |
| cisco | ios_xe | 17.9.5f |
| cisco | ios_xe | 17.9.6 |
| cisco | ios_xe | 17.9.6a |
| cisco | ios_xe | 17.9.7 |
| cisco | ios_xe | 17.9.7a |
| cisco | ios_xe | 17.9.7b |
| cisco | ios_xe | 17.10.1 |
| cisco | ios_xe | 17.10.1a |
| cisco | ios_xe | 17.10.1b |
| cisco | ios_xe | 17.11.1 |
| cisco | ios_xe | 17.11.1a |
| cisco | ios_xe | 17.12.1 |
| cisco | ios_xe | 17.12.1a |
| cisco | ios_xe | 17.12.1w |
| cisco | ios_xe | 17.12.1x |
| cisco | ios_xe | 17.12.1y |
| cisco | ios_xe | 17.12.1z |
| cisco | ios_xe | 17.12.1z1 |
| cisco | ios_xe | 17.12.1z2 |
| cisco | ios_xe | 17.12.1z3 |
| cisco | ios_xe | 17.12.1z4 |
| cisco | ios_xe | 17.12.2 |
| cisco | ios_xe | 17.12.2a |
| cisco | ios_xe | 17.12.3 |
| cisco | ios_xe | 17.12.3a |
| cisco | ios_xe | 17.12.4 |
| cisco | ios_xe | 17.12.4a |
| cisco | ios_xe | 17.12.4b |
| cisco | ios_xe | 17.12.5 |
| cisco | ios_xe | 17.12.5a |
| cisco | ios_xe | 17.12.5b |
| cisco | ios_xe | 17.12.5c |
| cisco | ios_xe | 17.13.1 |
| cisco | ios_xe | 17.13.1a |
| cisco | ios_xe | 17.14.1 |
| cisco | ios_xe | 17.14.1a |
| cisco | ios_xe | 17.15.1 |
| cisco | ios_xe | 17.15.1a |
| cisco | ios_xe | 17.15.1b |
| cisco | ios_xe | 17.15.1w |
| cisco | ios_xe | 17.15.1x |
| cisco | ios_xe | 17.15.1y |
| cisco | ios_xe | 17.15.1z |
| cisco | ios_xe | 17.15.2 |
| cisco | ios_xe | 17.15.2a |
| cisco | ios_xe | 17.15.2b |
| cisco | ios_xe | 17.15.2c |
| cisco | ios_xe | 17.15.3 |
| cisco | ios_xe | 17.15.3a |
| cisco | ios_xe | 17.15.3b |
| cisco | ios_xe | 17.16.1 |
| cisco | ios_xe | 17.16.1a |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-141 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the CLI of Cisco IOS XE Software and allows an authenticated local attacker with administrative privileges to execute arbitrary commands as root on the device's underlying operating system. It is caused by insufficient validation of user arguments passed to specific CLI commands. An attacker can exploit this by logging in with valid administrative credentials and using specially crafted commands at the CLI prompt.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with administrative access to execute arbitrary commands as root, potentially leading to full control over the affected device's operating system. This could result in unauthorized changes, data compromise, or disruption of device operations.