CVE-2025-20307 — Vulnetix

CVE-2025-20307 PUBLISHED CVSS 4.800000190734863 MEDIUM

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.

EPSS 0.19% · 41.0th percentile

Risk Scores

CVSS 3.1

4.800000190734863

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.19%

41.0th percentile

Affected Products

Vendor	Product	Versions
cisco	broadworks_application_delivery_platform	0
Cisco	Cisco BroadWorks	24.0 ap376842, 24.0 ap374270, 24.0 ap376702

Exploit Intelligence

cisco-sa-broadworks-xss-O696ymRA (circl)

Timeline

Oct 10, 2024 CVE ID Reserved
Jul 2, 2025 Coalition ESS Score
Jul 2, 2025 CVE Published
Jul 3, 2025 EPSS Score
Jul 3, 2025 Coalition ESS Score
Jul 13, 2025 EPSS Score
Jul 22, 2025 EPSS Score
Jul 31, 2025 Coalition ESS Score
Aug 1, 2025 EPSS Score
Aug 11, 2025 EPSS Score
Aug 20, 2025 EPSS Score
Aug 22, 2025 Coalition ESS Score

References

cisco-sa-broadworks-xss-O696ymRA url
https://nvd.nist.gov/vuln/detail/CVE-2025-20307 advisory

Open in Interactive Console →