Main Vulnerability Database Vulnerabilities #VU105375

Improper Verification of Cryptographic Signature in Cisco Secure Client for Windows - CVE-2025-20206

Published: March 6, 2025

Vulnerability identifier: #VU105375

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-20206

CWE-ID: CWE-347

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Secure Client for Windows

Detailed vulnerability description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insufficient validation of resources that are loaded by the application at run time within the interprocess communication (IPC) channel. A local user can send a specially crafted IPC message and execute arbitrary code on the system.

How to mitigate CVE-2025-20206

Install updates from vendor's website.

Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-dll-injection-AOyzEqSg

Improper Verification of Cryptographic Signature in Cisco Secure Client for Windows - CVE-2025-20206

Detailed vulnerability description

How to mitigate CVE-2025-20206

Sources

Please verify you're human