VDB
CVE-2025-20235
CVE-2025-20235
PUBLISHED
CVSS 6.099999904632568 MEDIUM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
EPSS 0.02% · 7.2th percentile
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.02%
7.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Firepower Management Center | 6.2.3.1, 6.2.3.10, 6.2.3.8 |
| cisco | secure_firewall_management_center | 6.2.3.1, 6.2.3.2, 6.2.3.3 |
Exploit Intelligence
- cisco-sa-fmc-xss-JtNmcusP (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Aug 14, 2025 Coalition ESS Score
- Aug 14, 2025 CVE Published
- Aug 14, 2025 CVE Updated
- Aug 15, 2025 EPSS Score
- Aug 15, 2025 Coalition ESS Score
- Aug 23, 2025 EPSS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 31, 2025 EPSS Score
- Sep 9, 2025 EPSS Score
- Sep 17, 2025 EPSS Score
- Sep 25, 2025 EPSS Score