Common Weakness Enumeration

CWE-77

Allowed-with-Review

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

5383 vulnerabilities reference this CWE, most recent first.

CVE-2025-23239 (GCVE-0-2025-23239)

Vulnerability from cvelistv5 – Published: 2025-02-05 17:31 – Updated: 2026-02-26 19:09
VLAI
Title
BIG-IP iControl REST vulnerability
Summary
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
f5
References
Impacted products
Vendor Product Version
F5 BIG-IP Affected: 17.1.1 , < 17.1.2 (custom)
Unaffected: 16.1.0 , < * (custom)
Unaffected: 15.1.0 , < * (custom)
Create a notification for this product.
Date Public
2025-02-05 15:00
Credits
F5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23239",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T04:55:25.457568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:23.346Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "17.1.2",
              "status": "affected",
              "version": "17.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2025-02-05T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.\u003c/span\u003e\u003c/span\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-03T00:39:58.310Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000138757"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP iControl REST vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-23239",
    "datePublished": "2025-02-05T17:31:03.286Z",
    "dateReserved": "2025-01-22T00:16:50.328Z",
    "dateUpdated": "2026-02-26T19:09:23.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-23196 (GCVE-0-2025-23196)

Vulnerability from cvelistv5 – Published: 2025-01-21 21:23 – Updated: 2025-02-03 08:22
VLAI
Title
Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
Summary
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Ambari Affected: 8 , < 2.7.9 (semver)
Create a notification for this product.
Credits
Liyw979 robinzeng2015 fcgboy wk2025 Tari from Sangfor Company
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-21T23:02:44.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/21/8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-23196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-22T14:47:59.283725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-22T14:48:12.311Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Ambari",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.7.9",
              "status": "affected",
              "version": "8",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Liyw979"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "robinzeng2015"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "fcgboy"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "wk2025"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tari from Sangfor Company"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A code injection vulnerability exists in the Ambari Alert Definition \nfeature, allowing authenticated users to inject and execute arbitrary \nshell commands. The vulnerability arises when defining alert scripts, \nwhere the script filename field is executed using `sh -c`. An attacker \nwith authenticated access can exploit this vulnerability to inject \nmalicious commands, leading to remote code execution on the server. The \nissue has been fixed in the latest versions of Ambari."
            }
          ],
          "value": "A code injection vulnerability exists in the Ambari Alert Definition \nfeature, allowing authenticated users to inject and execute arbitrary \nshell commands. The vulnerability arises when defining alert scripts, \nwhere the script filename field is executed using `sh -c`. An attacker \nwith authenticated access can exploit this vulnerability to inject \nmalicious commands, leading to remote code execution on the server. The \nissue has been fixed in the latest versions of Ambari."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T08:22:56.454Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-23196",
    "datePublished": "2025-01-21T21:23:41.389Z",
    "dateReserved": "2025-01-13T14:43:54.173Z",
    "dateUpdated": "2025-02-03T08:22:56.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22630 (GCVE-0-2025-22630)

Vulnerability from cvelistv5 – Published: 2025-02-14 07:10 – Updated: 2026-04-28 16:11
VLAI
Title
WordPress Widget Options Plugin <= 4.1.0 - Arbitrary Code Execution vulnerability
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection.This issue affects Widget Options: from n/a through <= 4.1.0.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
Vendor Product Version
Marketing Fire Widget Options Affected: 0 , ≤ 4.1.0 (custom)
Create a notification for this product.
Date Public
2026-04-01 16:31
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22630",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T15:36:19.612042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T15:46:06.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "widget-options",
          "product": "Widget Options",
          "vendor": "Marketing Fire",
          "versions": [
            {
              "changes": [
                {
                  "at": "4.1.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:31:41.610Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection.\u003cp\u003eThis issue affects Widget Options: from n/a through \u003c= 4.1.0.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection.This issue affects Widget Options: from n/a through \u003c= 4.1.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:11:02.370Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-1-0-arbitrary-code-execution-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Widget Options Plugin \u003c= 4.1.0 - Arbitrary Code Execution vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-22630",
    "datePublished": "2025-02-14T07:10:21.622Z",
    "dateReserved": "2025-01-07T21:02:24.869Z",
    "dateUpdated": "2026-04-28T16:11:02.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-22481 (GCVE-0-2025-22481)

Vulnerability from cvelistv5 – Published: 2025-06-06 15:53 – Updated: 2026-02-26 17:51
VLAI
Title
QTS, QuTS hero
Summary
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.2.x , < 5.2.4.3079 build 20250321 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.2.x , < h5.2.4.3079 build 20250321 (custom)
Create a notification for this product.
Credits
Searat and izut
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T04:01:34.581921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:51:06.890Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.4.3079 build 20250321",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.4.3079 build 20250321",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Searat and izut"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.4.3079 build 20250321 and later\u003cbr\u003eQuTS hero h5.2.4.3079 build 20250321 and later\u003cbr\u003e"
            }
          ],
          "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-06T15:53:18.696Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-25-12"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.4.3079 build 20250321 and later\u003cbr\u003eQuTS hero h5.2.4.3079 build 20250321 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"
        }
      ],
      "source": {
        "advisory": "QSA-25-12",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2025-22481",
    "datePublished": "2025-06-06T15:53:18.696Z",
    "dateReserved": "2025-01-07T06:55:33.249Z",
    "dateUpdated": "2026-02-26T17:51:06.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-22476 (GCVE-0-2025-22476)

Vulnerability from cvelistv5 – Published: 2025-05-06 16:08 – Updated: 2025-05-06 18:05
VLAI
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
Vendor Product Version
Dell Dell Storage Center - Dell Storage Manager Affected: N/A , < 2020 R1.21 (semver)
Create a notification for this product.
Date Public
2025-05-05 17:00
Credits
Dell would like to thank sradulea and xiaohei from Ubisectech Sirius Team for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22476",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-06T18:02:39.170946Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-06T18:05:34.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell Storage Center - Dell Storage Manager",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2020 R1.21",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank sradulea and xiaohei from Ubisectech Sirius Team for reporting this issue."
        }
      ],
      "datePublic": "2025-05-05T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-06T16:08:47.526Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-22476",
    "datePublished": "2025-05-06T16:08:47.526Z",
    "dateReserved": "2025-01-07T06:04:12.135Z",
    "dateUpdated": "2025-05-06T18:05:34.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22473 (GCVE-0-2025-22473)

Vulnerability from cvelistv5 – Published: 2025-03-17 17:42 – Updated: 2026-02-26 19:09
VLAI
Summary
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Dell SmartFabric OS10 Software Affected: 10.5.4.x
Affected: 10.5.5.x
Affected: 10.5.6.x
Affected: 10.6.0.x
Create a notification for this product.
Date Public
2025-02-28 06:30
Credits
Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T03:55:28.855548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:25.658Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SmartFabric OS10 Software",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "10.5.4.x"
            },
            {
              "status": "affected",
              "version": "10.5.5.x"
            },
            {
              "status": "affected",
              "version": "10.5.6.x"
            },
            {
              "status": "affected",
              "version": "10.6.0.x"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue."
        }
      ],
      "datePublic": "2025-02-28T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.\u003cbr\u003e"
            }
          ],
          "value": "Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T17:42:17.025Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-22473",
    "datePublished": "2025-03-17T17:42:17.025Z",
    "dateReserved": "2025-01-07T06:04:12.134Z",
    "dateUpdated": "2026-02-26T19:09:25.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-22472 (GCVE-0-2025-22472)

Vulnerability from cvelistv5 – Published: 2025-03-17 17:47 – Updated: 2026-02-26 19:09
VLAI
Summary
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Dell SmartFabric OS10 Software Affected: 10.5.4.x
Affected: 10.5.5.x
Affected: 10.5.6.x
Affected: 10.6.0.x
Create a notification for this product.
Date Public
2025-02-28 06:30
Credits
Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22472",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T03:55:30.367969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:25.209Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SmartFabric OS10 Software",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "10.5.4.x"
            },
            {
              "status": "affected",
              "version": "10.5.5.x"
            },
            {
              "status": "affected",
              "version": "10.5.6.x"
            },
            {
              "status": "affected",
              "version": "10.6.0.x"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue."
        }
      ],
      "datePublic": "2025-02-28T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges.\u003cbr\u003e"
            }
          ],
          "value": "Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T17:47:44.343Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-22472",
    "datePublished": "2025-03-17T17:47:44.343Z",
    "dateReserved": "2025-01-07T06:04:12.134Z",
    "dateUpdated": "2026-02-26T19:09:25.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20334 (GCVE-0-2025-20334)

Vulnerability from cvelistv5 – Published: 2025-09-24 17:07 – Updated: 2026-02-26 17:48
VLAI
Summary
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XE Software Affected: 17.9.5
Affected: 17.9.5a
Affected: 17.9.5b
Affected: 17.9.6
Affected: 17.9.6a
Affected: 17.9.7
Affected: 17.9.5e
Affected: 17.9.5f
Affected: 17.9.7a
Affected: 17.9.7b
Affected: 17.12.2
Affected: 17.12.3
Affected: 17.12.2a
Affected: 17.12.4
Affected: 17.12.3a
Affected: 17.12.4a
Affected: 17.12.5
Affected: 17.12.4b
Affected: 17.12.5a
Affected: 17.12.5b
Affected: 17.12.5c
Affected: 17.13.1
Affected: 17.13.1a
Affected: 17.14.1
Affected: 17.14.1a
Affected: 17.15.1
Affected: 17.15.1w
Affected: 17.15.1a
Affected: 17.15.2
Affected: 17.15.1b
Affected: 17.15.1x
Affected: 17.15.1z
Affected: 17.15.2c
Affected: 17.15.2a
Affected: 17.15.1y
Affected: 17.15.2b
Affected: 17.16.1
Affected: 17.16.1a
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20334",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-25T03:55:56.503647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:04.186Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "17.9.5"
            },
            {
              "status": "affected",
              "version": "17.9.5a"
            },
            {
              "status": "affected",
              "version": "17.9.5b"
            },
            {
              "status": "affected",
              "version": "17.9.6"
            },
            {
              "status": "affected",
              "version": "17.9.6a"
            },
            {
              "status": "affected",
              "version": "17.9.7"
            },
            {
              "status": "affected",
              "version": "17.9.5e"
            },
            {
              "status": "affected",
              "version": "17.9.5f"
            },
            {
              "status": "affected",
              "version": "17.9.7a"
            },
            {
              "status": "affected",
              "version": "17.9.7b"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.12.3"
            },
            {
              "status": "affected",
              "version": "17.12.2a"
            },
            {
              "status": "affected",
              "version": "17.12.4"
            },
            {
              "status": "affected",
              "version": "17.12.3a"
            },
            {
              "status": "affected",
              "version": "17.12.4a"
            },
            {
              "status": "affected",
              "version": "17.12.5"
            },
            {
              "status": "affected",
              "version": "17.12.4b"
            },
            {
              "status": "affected",
              "version": "17.12.5a"
            },
            {
              "status": "affected",
              "version": "17.12.5b"
            },
            {
              "status": "affected",
              "version": "17.12.5c"
            },
            {
              "status": "affected",
              "version": "17.13.1"
            },
            {
              "status": "affected",
              "version": "17.13.1a"
            },
            {
              "status": "affected",
              "version": "17.14.1"
            },
            {
              "status": "affected",
              "version": "17.14.1a"
            },
            {
              "status": "affected",
              "version": "17.15.1"
            },
            {
              "status": "affected",
              "version": "17.15.1w"
            },
            {
              "status": "affected",
              "version": "17.15.1a"
            },
            {
              "status": "affected",
              "version": "17.15.2"
            },
            {
              "status": "affected",
              "version": "17.15.1b"
            },
            {
              "status": "affected",
              "version": "17.15.1x"
            },
            {
              "status": "affected",
              "version": "17.15.1z"
            },
            {
              "status": "affected",
              "version": "17.15.2c"
            },
            {
              "status": "affected",
              "version": "17.15.2a"
            },
            {
              "status": "affected",
              "version": "17.15.1y"
            },
            {
              "status": "affected",
              "version": "17.15.2b"
            },
            {
              "status": "affected",
              "version": "17.16.1"
            },
            {
              "status": "affected",
              "version": "17.16.1a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.\r\n\r This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T17:07:48.420Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ios-xe-cmd-inject-rPJM8BGL",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-xe-cmd-inject-rPJM8BGL",
        "defects": [
          "CSCwn48408"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20334",
    "datePublished": "2025-09-24T17:07:19.311Z",
    "dateReserved": "2024-10-10T19:15:13.255Z",
    "dateUpdated": "2026-02-26T17:48:04.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20306 (GCVE-0-2025-20306)

Vulnerability from cvelistv5 – Published: 2025-08-14 16:31 – Updated: 2026-02-26 17:48
VLAI
Title
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root&nbsp;user on the affected device. To exploit this vulnerability, an attacker would need&nbsp;Administrator-level credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Firepower Management Center Affected: 6.2.3.12
Affected: 6.2.3.1
Affected: 6.2.3.10
Affected: 6.2.3.8
Affected: 6.4.0.6
Affected: 6.2.3
Affected: 6.4.0.7
Affected: 6.2.3.13
Affected: 6.2.3.5
Affected: 6.4.0.4
Affected: 6.2.3.9
Affected: 6.2.3.14
Affected: 6.4.0.1
Affected: 6.2.3.6
Affected: 6.2.3.11
Affected: 6.4.0.8
Affected: 6.2.3.2
Affected: 6.4.0.2
Affected: 6.2.3.3
Affected: 6.4.0.3
Affected: 6.2.3.7
Affected: 6.2.3.4
Affected: 6.4.0.5
Affected: 6.4.0
Affected: 6.2.3.15
Affected: 6.6.0
Affected: 6.4.0.9
Affected: 6.2.3.16
Affected: 6.6.0.1
Affected: 6.6.1
Affected: 6.4.0.10
Affected: 6.4.0.11
Affected: 6.6.3
Affected: 6.6.4
Affected: 6.4.0.12
Affected: 7.0.0
Affected: 6.2.3.17
Affected: 7.0.0.1
Affected: 6.6.5
Affected: 7.0.1
Affected: 7.1.0
Affected: 6.6.5.1
Affected: 6.4.0.13
Affected: 7.0.1.1
Affected: 6.2.3.18
Affected: 6.4.0.14
Affected: 6.6.5.2
Affected: 7.1.0.1
Affected: 7.0.2
Affected: 6.4.0.15
Affected: 7.2.0
Affected: 7.0.2.1
Affected: 7.0.3
Affected: 6.6.7
Affected: 7.1.0.2
Affected: 7.2.0.1
Affected: 7.0.4
Affected: 7.2.1
Affected: 7.0.5
Affected: 6.4.0.16
Affected: 7.3.0
Affected: 7.2.2
Affected: 6.6.7.1
Affected: 7.3.1
Affected: 7.2.3
Affected: 7.1.0.3
Affected: 7.2.3.1
Affected: 7.2.4
Affected: 7.0.6
Affected: 7.2.4.1
Affected: 7.2.5
Affected: 7.3.1.1
Affected: 7.4.0
Affected: 6.4.0.17
Affected: 7.0.6.1
Affected: 7.2.5.1
Affected: 7.4.1
Affected: 7.2.6
Affected: 7.4.1.1
Affected: 7.0.6.2
Affected: 6.4.0.18
Affected: 6.6.7.2
Affected: 7.2.7
Affected: 7.2.5.2
Affected: 7.3.1.2
Affected: 7.2.8
Affected: 7.6.0
Affected: 7.4.2
Affected: 7.2.8.1
Affected: 7.0.6.3
Affected: 7.4.2.1
Affected: 7.2.9
Affected: 7.0.7
Affected: 7.7.0
Affected: 7.4.2.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20306",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-16T03:55:50.207902Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:33.335Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Firepower Management Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.12"
            },
            {
              "status": "affected",
              "version": "6.2.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.3.10"
            },
            {
              "status": "affected",
              "version": "6.2.3.8"
            },
            {
              "status": "affected",
              "version": "6.4.0.6"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.4.0.7"
            },
            {
              "status": "affected",
              "version": "6.2.3.13"
            },
            {
              "status": "affected",
              "version": "6.2.3.5"
            },
            {
              "status": "affected",
              "version": "6.4.0.4"
            },
            {
              "status": "affected",
              "version": "6.2.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3.14"
            },
            {
              "status": "affected",
              "version": "6.4.0.1"
            },
            {
              "status": "affected",
              "version": "6.2.3.6"
            },
            {
              "status": "affected",
              "version": "6.2.3.11"
            },
            {
              "status": "affected",
              "version": "6.4.0.8"
            },
            {
              "status": "affected",
              "version": "6.2.3.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.2"
            },
            {
              "status": "affected",
              "version": "6.2.3.3"
            },
            {
              "status": "affected",
              "version": "6.4.0.3"
            },
            {
              "status": "affected",
              "version": "6.2.3.7"
            },
            {
              "status": "affected",
              "version": "6.2.3.4"
            },
            {
              "status": "affected",
              "version": "6.4.0.5"
            },
            {
              "status": "affected",
              "version": "6.4.0"
            },
            {
              "status": "affected",
              "version": "6.2.3.15"
            },
            {
              "status": "affected",
              "version": "6.6.0"
            },
            {
              "status": "affected",
              "version": "6.4.0.9"
            },
            {
              "status": "affected",
              "version": "6.2.3.16"
            },
            {
              "status": "affected",
              "version": "6.6.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.4.0.10"
            },
            {
              "status": "affected",
              "version": "6.4.0.11"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "6.4.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "6.2.3.17"
            },
            {
              "status": "affected",
              "version": "7.0.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.5"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "6.6.5.1"
            },
            {
              "status": "affected",
              "version": "6.4.0.13"
            },
            {
              "status": "affected",
              "version": "7.0.1.1"
            },
            {
              "status": "affected",
              "version": "6.2.3.18"
            },
            {
              "status": "affected",
              "version": "6.4.0.14"
            },
            {
              "status": "affected",
              "version": "6.6.5.2"
            },
            {
              "status": "affected",
              "version": "7.1.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.0.2.1"
            },
            {
              "status": "affected",
              "version": "7.0.3"
            },
            {
              "status": "affected",
              "version": "6.6.7"
            },
            {
              "status": "affected",
              "version": "7.1.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.4"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.4.0.16"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.6.7.1"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.0.3"
            },
            {
              "status": "affected",
              "version": "7.2.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.0.6"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "6.4.0.17"
            },
            {
              "status": "affected",
              "version": "7.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.18"
            },
            {
              "status": "affected",
              "version": "6.6.7.2"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.3"
            },
            {
              "status": "affected",
              "version": "7.4.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.9"
            },
            {
              "status": "affected",
              "version": "7.0.7"
            },
            {
              "status": "affected",
              "version": "7.7.0"
            },
            {
              "status": "affected",
              "version": "7.4.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.\r\n\r\nThis vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root\u0026nbsp;user on the affected device. To exploit this vulnerability, an attacker would need\u0026nbsp;Administrator-level credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-14T16:31:25.343Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-fmc-cmd-inj-HCRLpFyN",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-HCRLpFyN"
        }
      ],
      "source": {
        "advisory": "cisco-sa-fmc-cmd-inj-HCRLpFyN",
        "defects": [
          "CSCwo20522"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Secure Firewall Management Center Software Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20306",
    "datePublished": "2025-08-14T16:31:25.343Z",
    "dateReserved": "2024-10-10T19:15:13.253Z",
    "dateUpdated": "2026-02-26T17:48:33.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20278 (GCVE-0-2025-20278)

Vulnerability from cvelistv5 – Published: 2025-06-04 16:18 – Updated: 2026-02-26 17:51
VLAI
Title
Cisco Unified Communications Products Command Injection Vulnerability
Summary
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
Affected: 10.5(1)ES4
Affected: 11.6(1)ES3
Affected: 11.0(1)ES2
Affected: 12.0(1)ES2
Affected: 10.5(1)ES3
Affected: 11.0(1)
Affected: 11.6(1)FIPS
Affected: 11.6(1)ES4
Affected: 11.0(1)ES3
Affected: 10.5(1)ES6
Affected: 11.0(1)ES7
Affected: 11.5(1)ES4
Affected: 10.5(1)ES8
Affected: 11.5(1)
Affected: 11.6(1)
Affected: 10.5(1)ES10
Affected: 11.6(1)ES2
Affected: 11.6(1)ES
Affected: 11.0(1)ES6
Affected: 11.0(1)ES4
Affected: 12.0(1)
Affected: 11.6(1)ES7
Affected: 10.5(1)ES7
Affected: 11.6(1)ES8
Affected: 11.5(1)ES1
Affected: 11.6(1)ES1
Affected: 11.5(1)ES5
Affected: 11.0(1)ES1
Affected: 10.5(1)
Affected: 11.6(1)ES6
Affected: 10.5(1)ES2
Affected: 12.0(1)ES1
Affected: 11.0(1)ES5
Affected: 10.5(1)ES5
Affected: 11.5(1)ES3
Affected: 11.5(1)ES2
Affected: 10.5(1)ES9
Affected: 11.6(1)ES5
Affected: 11.6(1)ES9
Affected: 11.5(1)ES6
Affected: 10.5(1)ES1
Affected: 12.5(1)
Affected: 12.0(1)ES3
Affected: 11.6(1)ES10
Affected: 12.5(1)ES1
Affected: 12.5(1)ES2
Affected: 12.0(1)ES4
Affected: 12.5(1)ES3
Affected: 12.0(1)ES5
Affected: 12.5(1)ES4
Affected: 12.0(1)ES6
Affected: 12.5(1)ES5
Affected: 12.5(1)ES6
Affected: 12.0(1)ES7
Affected: 12.6(1)
Affected: 12.5(1)ES7
Affected: 11.6(1)ES11
Affected: 12.6(1)ES1
Affected: 12.0(1)ES8
Affected: 12.5(1)ES8
Affected: 12.6(1)ES2
Affected: 12.6(1)ES3
Affected: 12.6(1)ES4
Affected: 12.6(1)ES5
Affected: 12.5(2)
Affected: 12.5(1)_SU
Affected: 12.5(1)SU
Affected: 12.6(1)ES6
Affected: 12.5(1)SU ES1
Affected: 12.6(1)ES7
Affected: 12.6(1)ES7_ET
Affected: 12.6(2)
Affected: 12.6(1)ES8
Affected: 12.6(1)ES9
Affected: 12.6(2)ES1
Affected: 12.6(1)ES10
Affected: 12.5(1)SU ES2
Affected: 12.6(1)ES11
Affected: 12.6(2)ES2
Affected: 12.6(2)ES3
Affected: 12.5(1)SU ES3
Affected: 12.6(2)ES4
Affected: 12.6(2)ES5
Create a notification for this product.
Cisco Cisco SocialMiner Affected: 12.5(1)ES01
Affected: 10.5(1)
Affected: 11.6(1)
Affected: 10.6(1)
Affected: 12.0(1)ES04
Affected: 10.6(2)
Affected: 12.5(1)
Affected: 11.6(2)
Affected: 12.0(1)
Affected: 12.0(1)ES02
Affected: 11.0(1)
Affected: 11.5(1)
Affected: 11.5(1)SU1
Affected: 12.0(1)ES03
Affected: 12.5(1)SU3
Affected: 12.5(1)SU1
Affected: 12.5(1)SU2
Create a notification for this product.
Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
Affected: 12.5(1)SU1
Affected: 12.5(1)
Affected: 12.5(1)SU3
Affected: 12.5(1)SU4
Affected: 14
Affected: 12.5(1)SU5
Affected: 14SU1
Affected: 12.5(1)SU6
Affected: 14SU2
Affected: 12.5(1)SU7
Affected: 12.5(1)SU7a
Affected: 14SU3
Affected: 12.5(1)SU8
Affected: 12.5(1)SU8a
Affected: 15
Affected: 15SU1
Affected: 14SU4
Affected: 14SU4a
Affected: 15SU1a
Affected: 12.5(1)SU9
Create a notification for this product.
Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
Affected: 12.5(1)SU1
Affected: 12.5(1)SU2
Affected: 12.5(1)SU3
Affected: 12.5(1)SU4
Affected: 14
Affected: 12.5(1)SU5
Affected: 14SU1
Affected: 12.5(1)SU6
Affected: 14SU2
Affected: 14SU2a
Affected: 12.5(1)SU7
Affected: 14SU3
Affected: 12.5(1)SU8
Affected: 15
Affected: Recovery ISO
Affected: 15SU1
Affected: 14SU4
Affected: 12.5(1)SU9
Create a notification for this product.
Cisco Cisco Unified Contact Center Express Affected: 10.6(1)
Affected: 10.5(1)SU1
Affected: 10.6(1)SU3
Affected: 12.0(1)
Affected: 10.0(1)SU1
Affected: 10.6(1)SU1
Affected: 11.0(1)SU1
Affected: 11.5(1)SU1
Affected: 10.5(1)
Affected: 11.6(1)
Affected: 11.6(2)
Affected: 12.5(1)
Affected: 12.5(1)SU1
Affected: 12.5(1)SU2
Affected: 12.5(1)SU3
Affected: 12.5(1)_SU03_ES01
Affected: 12.5(1)_SU03_ES02
Affected: 12.5(1)_SU02_ES03
Affected: 12.5(1)_SU02_ES04
Affected: 12.5(1)_SU02_ES02
Affected: 12.5(1)_SU01_ES02
Affected: 12.5(1)_SU01_ES03
Affected: 12.5(1)_SU02_ES01
Affected: 11.6(2)ES07
Affected: 11.6(2)ES08
Affected: 12.5(1)_SU01_ES01
Affected: 12.0(1)ES04
Affected: 12.5(1)ES02
Affected: 12.5(1)ES03
Affected: 11.6(2)ES06
Affected: 12.5(1)ES01
Affected: 12.0(1)ES03
Affected: 12.0(1)ES01
Affected: 11.6(2)ES05
Affected: 12.0(1)ES02
Affected: 11.6(2)ES04
Affected: 11.6(2)ES03
Affected: 11.6(2)ES02
Affected: 11.6(2)ES01
Affected: 10.6(1)SU3ES03
Affected: 11.0(1)SU1ES03
Affected: 10.6(1)SU3ES01
Affected: 10.5(1)SU1ES10
Affected: 10.0(1)SU1ES04
Affected: 11.5(1)SU1ES03
Affected: 11.6(1)ES02
Affected: 11.5(1)ES01
Affected: 9.0(2)SU3ES04
Affected: 10.6(1)SU2
Affected: 10.6(1)SU2ES04
Affected: 11.6(1)ES01
Affected: 10.6(1)SU3ES02
Affected: 11.5(1)SU1ES02
Affected: 11.5(1)SU1ES01
Affected: 8.5(1)
Affected: 11.0(1)SU1ES02
Affected: 12.5(1)_SU03_ES03
Affected: 12.5(1)_SU03_ES04
Affected: 12.5(1)_SU03_ES05
Affected: 12.5(1)_SU03_ES06
Create a notification for this product.
Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
Affected: 10.5(1)
Affected: 11.0(1)
Affected: 11.5(1)
Affected: 12.0(1)
Affected: 12.5(1)
Affected: 11.0(2)
Affected: 12.6(1)
Affected: 12.5(1)SU
Affected: 12.6(1)_ET
Affected: 12.6(1)_ES05_ET
Affected: 11.0(3)
Affected: 12.6(2)
Affected: 12.6(2)_504_Issue_ET
Affected: 12.6.1_ExcelIssue_ET
Affected: 12.6(2)_Permalink_ET
Affected: 12.6.2_CSCwk19536_ET
Affected: 12.6.2_CSCwm96922_ET
Affected: 12.6.2_Amq_OOS_ET
Affected: 12.5(2)ET_CSCwi79933
Affected: 12.6(2)_ET
Affected: 12.6.2_CSCwn48501_ET
Create a notification for this product.
Cisco Cisco Unity Connection Affected: 12.5(1)
Affected: 12.5(1)SU1
Affected: 12.5(1)SU2
Affected: 12.5(1)SU3
Affected: 12.5(1)SU4
Affected: 14
Affected: 12.5(1)SU5
Affected: 14SU1
Affected: 12.5(1)SU6
Affected: 14SU2
Affected: 12.5(1)SU7
Affected: 14SU3
Affected: 12.5(1)SU8
Affected: 14SU3a
Affected: 12.5(1)SU8a
Affected: 15
Affected: 15SU1
Affected: 14SU4
Affected: 12.5(1)SU9
Create a notification for this product.
Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
Affected: 11.6(1)_ES84
Affected: 11.5(1)_ES54
Affected: 11.5(1)_ES27
Affected: 11.5(1)
Affected: 11.5(1)ES36
Affected: 12.0(1)_ES01
Affected: 11.6(1)_ES85
Affected: 12.5(1)_ES05
Affected: 11.5(1)_ES32
Affected: 11.6(1)_ES83
Affected: 11.5(1)_ES29
Affected: 12.0(1)_ES06
Affected: 12.5(1)
Affected: 12.0(1)_ES07
Affected: 11.6(1)_ES80
Affected: 12.0(1)_ES05
Affected: 11.5(1)_ES36
Affected: 11.5(1)_ES53
Affected: 12.5(1)_ES08
Affected: 11.5(1)ES43
Affected: 12.0(1)_ES03
Affected: 11.6(1)_ES86
Affected: 12.0(1)_ES04
Affected: 11.5(1)ES27
Affected: 12.5(1)_ES03
Affected: 11.6(1)_ES88
Affected: 12.5(1)_ES06
Affected: 11.6(1)_ES82
Affected: 11.6(1)
Affected: 11.5(1)ES29
Affected: 12.5(1)_ES04
Affected: 12.5(1)_ES07
Affected: 11.6(1)_ES87
Affected: 11.6(1)_ES81
Affected: 12.0(1)
Affected: 11.6(1)_ES22
Affected: 11.5(1)_ES43
Affected: 11.5(1)ES32
Affected: 12.0(1)_ES02
Affected: 12.5(1)_ES02
Affected: 12.6(1)
Affected: 12.5(1)_ES09
Affected: 12.6(1)_ES01
Affected: 12.0(1)_ES08
Affected: 12.5(1)_ES10
Affected: 12.6(1)_ES02
Affected: 12.5(1)_ES11
Affected: 12.5(1)_ES12
Affected: 12.6(1)_ES03
Affected: 12.5(1)_ES13
Affected: 12.5(1)_ES14
Affected: 12.6(1)_ES04
Affected: 12.6(1)_ES05
Affected: 12.5(1)_ES15
Affected: 12.6(1)_ES06
Affected: 12.6(1)_ET
Affected: 12.5(1)_ES16
Affected: 12.5(1)SU
Affected: 12.5(1)_SU
Affected: 12.5(1)_SU_ES01
Affected: 12.6(1)_ES07
Affected: 12.6(2)
Affected: 12.5(1)_ES17
Affected: 12.6(1)_ES08
Affected: 12.6(1)_ES09
Affected: 12.6(1)_ES10
Affected: 12.5(1)_SU_ES02
Affected: 12.6(2)_ES01
Affected: 12.6(2)_ET01
Affected: 12.5(2)_ET
Affected: 12.6(2)_ES02
Affected: 12.6(2)_ET_Streaming
Affected: 12.6(2)ET_Transcribe
Affected: 12.6(2)_ES03
Affected: 12.6(2)ET_NuanceMix
Affected: 12.6(2)ET_FileUpload
Affected: 12.6(2)_ET02
Affected: 12.6(2)_ES04
Affected: 12.6.2ET_RTPfallback
Affected: 12.6.2ET_CSCwf55306
Affected: 12.6.2_ET_CSCwj36712
Affected: 12.5.2 ET-CSCwj33374
Affected: 12.5(1) SU ET
Affected: 12.6(2)ET_CSCwj87296
Affected: 12.6(2)_ES05
Affected: 12.5.2_ET_CSCvz27014
Affected: 12.6(2)_ET
Affected: 12.6.2-ET
Affected: 12.6(2)ET_CSCwk83135
Affected: 12.6.2_ET_CX_ALAW
Affected: 12.6.2-ET01-SSL
Affected: 12.6(2)_ES06
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-06T03:55:33.465322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:51:08.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Finesse",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)ES_Rollback"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)FIPS"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES10"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES3"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco SocialMiner",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "10.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7a"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "14SU4a"
            },
            {
              "status": "affected",
              "version": "15SU1a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "Recovery ISO"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_Amq_OOS_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unity Connection",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "14SU3a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Virtualized Voice Browser",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES84"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES54"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES27"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES36"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES85"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES05"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES32"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES83"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES29"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES07"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES80"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES05"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES36"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES53"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES08"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES43"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES86"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES27"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES88"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES06"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES82"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES29"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES07"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES87"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES81"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES22"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES43"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES32"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES11"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES12"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES13"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES14"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES15"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES16"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES07"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES17"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET01"
            },
            {
              "status": "affected",
              "version": "12.5(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET_Streaming"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_Transcribe"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES03"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_NuanceMix"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_FileUpload"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES04"
            },
            {
              "status": "affected",
              "version": "12.6.2ET_RTPfallback"
            },
            {
              "status": "affected",
              "version": "12.6.2ET_CSCwf55306"
            },
            {
              "status": "affected",
              "version": "12.6.2_ET_CSCwj36712"
            },
            {
              "status": "affected",
              "version": "12.5.2 ET-CSCwj33374"
            },
            {
              "status": "affected",
              "version": "12.5(1) SU ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_CSCwj87296"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES05"
            },
            {
              "status": "affected",
              "version": "12.5.2_ET_CSCvz27014"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2-ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_CSCwk83135"
            },
            {
              "status": "affected",
              "version": "12.6.2_ET_CX_ALAW"
            },
            {
              "status": "affected",
              "version": "12.6.2-ET01-SSL"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES06"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T16:18:20.661Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-vos-command-inject-65s2UCYy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
        "defects": [
          "CSCwk24029"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Communications Products Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20278",
    "datePublished": "2025-06-04T16:18:20.661Z",
    "dateReserved": "2024-10-10T19:15:13.246Z",
    "dateUpdated": "2026-02-26T17:51:08.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

If at all possible, use library calls rather than external processes to recreate the desired functionality.

Mitigation
Implementation

If possible, ensure that all external commands called from the program are statically created.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Operation

Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.

Mitigation
System Configuration

Assign permissions that prevent the user from accessing/opening privileged files.

CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-183: IMAP/SMTP Command Injection

An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.

CAPEC-248: Command Injection

An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

CAPEC-40: Manipulating Writeable Terminal Devices

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.

CAPEC-43: Exploiting Multiple Input Interpretation Layers

An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.