CISCO-SA-WEBUI-MULTI-ARNHM4V6
Multiple vulnerabilities in the web-based management interface of Cisco IOS XE Software could allow a remote attacker to read files from the underlying operating system, read limited parts of the configuration file, clear the syslog, or conduct a cross-site request forgery (CSRF) attack on an affected device, depending on their privilege level. For more information about these vulnerabilities, see the Details section of this advisory.

This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279).
Affected Products
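| Vendor | Product | Versions |
|---|---|---|
| Cisco | IOS XE Software | 16.3.7 |
| Cisco | IOS XE Software | 16.4.2 |
| Cisco | IOS XE Software | 16.3.5b |
| Cisco | IOS XE Software | 16.2.1 |
| Cisco | IOS XE Software | 16.3.3 |
| Cisco | IOS XE Software | 16.3.1 |
| Cisco | IOS XE Software | 16.3.11 |
| Cisco | IOS XE Software | 16.3.8 |
| Cisco | IOS XE Software | 16.3.5 |
| Cisco | IOS XE Software | 16.3.10 |
| Cisco | IOS XE Software | 16.3.1a |
| Cisco | IOS XE Software | 16.1.2 |
| Cisco | IOS XE Software | 16.3.9 |
| Cisco | IOS XE Software | 16.4.1 |
| Cisco | IOS XE Software | 16.2.2 |
| Cisco | IOS XE Software | 16.1.1 |
| Cisco | IOS XE Software | 16.1.3 |
| Cisco | IOS XE Software | 16.3.4 |
| Cisco | IOS XE Software | 16.3.2 |
| Cisco | IOS XE Software | 16.3.6 |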
Timeline
- May 7, 2025 CVE Published
References
- https://software.cisco.com fix
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6 advisory
- https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279 url
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk16979 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk25133 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk23580 url
- https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-17/221107-filter-traffic-destined-to-cisco-ios-xe.html url
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes url
- https://www.cisco.com/go/psirt url
- https://sec.cloudapps.cisco.com/security/center/softwarechecker.x url
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#asr url
- http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html url