VDB
CVE-2025-20259
CVE-2025-20259
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.
EPSS 0.11% · 28.2th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.11%
28.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | thousandeyes_endpoint_agent | 0 |
| Cisco | Cisco ThousandEyes Endpoint Agent | N/A |
Exploit Intelligence
Timeline
- Oct 10, 2024 CVE ID Reserved
- Jun 4, 2025 Coalition ESS Score
- Jun 4, 2025 CVE Published
- Jun 4, 2025 CVE Updated
- Jun 5, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 18, 2025 Coalition ESS Score
- Jun 26, 2025 EPSS Score
- Jul 7, 2025 EPSS Score
- Jul 18, 2025 EPSS Score
- Jul 22, 2025 Coalition ESS Score
- Jul 28, 2025 EPSS Score