VDB
CVE-2025-20355
CVE-2025-20355
PUBLISHED
CVSS 4.699999809265137 MEDIUM
A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
EPSS 0.02% · 5.7th percentile
Risk Scores
CVSS 3.1
4.699999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
EPSS Score
0.02%
5.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) | 1.4.0.0, 2.1.1.0, 2.1.1.3 |
Exploit Intelligence
- CIRCL seen: CVE-2025-20355 (circl-sighting)
- cisco-sa-catc-open-redirect-3W5Bk3Je (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Nov 13, 2025 Coalition ESS Score
- Nov 13, 2025 CVE Published
- Nov 13, 2025 CVE Updated
- Nov 13, 2025 PoC Published
- Nov 14, 2025 EPSS Score
- Nov 14, 2025 Coalition ESS Score
- Nov 15, 2025 Coalition ESS Score
- Nov 19, 2025 EPSS Score
- Nov 24, 2025 EPSS Score
- Nov 27, 2025 Coalition ESS Score
- Nov 29, 2025 EPSS Score