VDB

CVE-2025-20364

CVE-2025-20364 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient verification checks of incoming 802.11 action frames. An attacker could exploit this vulnerability by sending 802.11 Device Analytics action frames with arbitrary parameters. A successful exploit could allow the attacker to inject Device Analytics action frames with arbitrary information, which could modify the Device Analytics data of valid wireless clients that are connected to the same wireless controller.

EPSS 0.01% · 1.3th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.01%
1.3th percentile

Affected Products

VendorProductVersions
CiscoCisco Aironet Access Point Software (IOS XE Controller)16.10.1e, 17.1.1t, 17.1.1s

Exploit Intelligence

Timeline

  • Oct 10, 2024 CVE ID Reserved
  • Sep 24, 2025 CVE Published
  • Sep 25, 2025 EPSS Score
  • Oct 2, 2025 EPSS Score
  • Oct 3, 2025 Coalition ESS Score
  • Oct 6, 2025 Coalition ESS Score
  • Oct 9, 2025 EPSS Score
  • Oct 15, 2025 EPSS Score
  • Oct 15, 2025 CVE Updated
  • Oct 22, 2025 EPSS Score
  • Oct 29, 2025 EPSS Score
  • Nov 5, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›