CVE-2025-20349
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-13

Last updated on: 2025-11-19

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-13
Last Modified
2025-11-19
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-20349
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco catalyst_center to 2.3.7.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the REST API of Cisco Catalyst Center and allows an authenticated remote attacker to execute arbitrary commands with root privileges inside a restricted container. It occurs because the REST API does not properly validate user-supplied input in request parameters. An attacker with valid credentials of at least Observer role can send a specially crafted API request to inject and execute commands.

Impact Analysis

If exploited, this vulnerability could allow an attacker to execute arbitrary commands with root privileges in a restricted container on the affected device. This could lead to unauthorized control over the device, potential data compromise, disruption of services, or further attacks within the network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20349. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart