#VU116110 Path traversal in Cisco Systems, Inc products - CVE-2025-20314
Published: September 25, 2025
Vulnerability identifier: #VU116110
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-20314
CWE-ID: CWE-22
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
1000 Series Integrated Services Routers
1100 Terminal Services Gateways
4000 Series Integrated Services Routers
8100 Series Secure Routers
8400 Series Secure Routers
C8375-E-G2 Platforms
Catalyst IE3300 Rugged Series Routers
Catalyst IR8300 Rugged Series Routers
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Edge Platforms
Catalyst 9200 Series Switches
Embedded Services 3300 Series
VG410 Analog Voice Gateways
ASR 1000 Series Aggregation Services Routers
Catalyst IR1100 Rugged Series Routers
Catalyst IR8100 Heavy Duty Series Routers
Cisco IOS XE
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to improper validation of software packages. A local administrator can send a specially crafted HTTP request and upload arbitrary files on the system, leading to arbitrary command execution.
Remediation
Install updates from the vendor's website.