CNVD-2025-06742 — Vulnetix

CNVD-2025-06742 PUBLISHED CVSS 9.600000381469727 CRITICAL

Cisco Expressway Series是美国思科公司的一款用于防火墙外访问设备的软件。 Cisco Expressway Series存在跨站请求伪造漏洞，攻击者可利用该漏洞执行任意操作。

Risk Scores

CVSS 3.1

9.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Cisco	Cisco TelePresence Video Communication Server (VCS) Expressway	X14.3.2, X8.5.1, X8.5.3
cisco	telepresence_video_communication_server_software	x8.5.1, x8.5.3, x8.5

Exploit Intelligence

CIRCL seen: CVE-2024-20252 (circl-sighting)
CIRCL seen: CVE-2024-20252 (circl-sighting)
CIRCL seen: CVE-2024-20252 (circl-sighting)
CIRCL seen: CVE-2024-20252 (circl-sighting)
CIRCL seen: CVE-2024-20252 (circl-sighting)
CIRCL seen: CVE-2024-20252 (circl-sighting)
CIRCL seen: CVE-2024-20252 (circl-sighting)
cisco-sa-expressway-csrf-KnnZDMj3 (circl)

Timeline

Feb 7, 2024 CVE Published
Feb 7, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Mar 1, 2024 PoC Published

References

cisco-sa-expressway-csrf-KnnZDMj3 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›