SB2025111373 - Two vulnerabilities in Cisco Catalyst Center Virtual Appliance

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Open redirect (CVE-ID: CVE-2025-20355)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

2) Improper access control (CVE-ID: CVE-2025-20341)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions. A remote user can send a specially crafted HTTP request and perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system.

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je
• https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo33422
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX
• https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo97875