VDB

CVE-2025-20355

CVE-2025-20355 PUBLISHED CVSS 4.699999809265137 MEDIUM

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

EPSS 0.02% · 5.7th percentile

Risk Scores

CVSS 3.1
4.699999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
EPSS Score
0.02%
5.7th percentile

Affected Products

VendorProductVersions
CiscoCisco Digital Network Architecture Center (DNA Center)1.4.0.0, 2.1.1.0, 2.1.1.3

Exploit Intelligence

Timeline

  • Oct 10, 2024 CVE ID Reserved
  • Nov 13, 2025 Coalition ESS Score
  • Nov 13, 2025 CVE Published
  • Nov 13, 2025 CVE Updated
  • Nov 13, 2025 PoC Published
  • Nov 14, 2025 EPSS Score
  • Nov 14, 2025 Coalition ESS Score
  • Nov 15, 2025 Coalition ESS Score
  • Nov 19, 2025 EPSS Score
  • Nov 24, 2025 EPSS Score
  • Nov 27, 2025 Coalition ESS Score
  • Nov 29, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›