CVE-2025-20218
PUBLISHED
CVSS 4.9 MEDIUM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
EPSS 0.06% · 20.3th percentile
Risk Scores
CVSS 3.1
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.06%
20.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | secure_firewall_management_center | 7.2.5, 6.2.3, 6.2.3.2 |
| Cisco | Cisco Firepower Management Center | 6.2.3.10, 6.2.3.12, 6.2.3.8 |
Exploit Intelligence
- cisco-sa-fmc-xpathinj-COrThdMb (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Aug 14, 2025 Coalition ESS Score
- Aug 14, 2025 CVE Published
- Aug 14, 2025 CVE Updated
- Aug 15, 2025 EPSS Score
- Aug 15, 2025 Coalition ESS Score
- Aug 23, 2025 EPSS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 31, 2025 EPSS Score
- Sep 9, 2025 EPSS Score
- Sep 17, 2025 EPSS Score
- Sep 25, 2025 EPSS Score