VDB
CVE-2025-20345
CVE-2025-20345
PUBLISHED
CVSS 4.900000095367432 MEDIUM
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to system log files. An attacker could exploit this vulnerability by accessing logs on an affected system. A successful exploit could allow the attacker to view sensitive information that should be restricted.
EPSS 0.13% · 32.1th percentile
Risk Scores
CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.13%
32.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Duo Authentication Proxy | 2.4.8, 2.4.2, 2.4.5 |
Exploit Intelligence
Timeline
- Oct 10, 2024 CVE ID Reserved
- Aug 20, 2025 Coalition ESS Score
- Aug 20, 2025 CVE Published
- Aug 20, 2025 CVE Updated
- Aug 21, 2025 EPSS Score
- Aug 22, 2025 Coalition ESS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 29, 2025 EPSS Score
- Sep 6, 2025 EPSS Score
- Sep 14, 2025 EPSS Score
- Sep 22, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
References
- cisco-sa-authproxlog-SxczXQ63 url
- CSCvd36820 url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 url
- Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication url
- https://nvd.nist.gov/vuln/detail/CVE-2025-20345 advisory