#VU118524 Improper access control in Cisco Catalyst Center Virtual Appliance - CVE-2025-20341

 


Published: November 13, 2025


Vulnerability identifier: #VU118524
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-20341
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Cisco Catalyst Center Virtual Appliance
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions. A remote user can send a specially crafted HTTP request and perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system.


Remediation

Install updates from the vendor's website.

External links