Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025093009095757 | Publication Time | 2025/09/30 09:11 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/09/30 09:11 |
Impact Level | Low |
[Subject] 【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-20334) exists in Cisco IOS XE. |
[Content] Forwarded from TWCERTCC-200-202509-00000014. Cisco has issued a critical security advisory (CVE-2025-20334, CVSS: 8.8). The vulnerability is in the HTTP API subsystem of Cisco IOS XE and is caused by insufficient input validation. An attacker with administrator privileges could exploit it by authenticating to the affected system and sending specially crafted API requests. An unauthenticated remote attacker could also exploit it by tricking a legitimate administrator into clicking a crafted link that triggers the vulnerability. If exploitation succeeds, the attacker may execute arbitrary commands as root on the affected system. Information Sharing Level: WHITE (information content can be publicly disclosed) |
[Affected Platform] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL#fs |
[Recommended Actions] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL |
[Reference] https://www.twcert.org.tw/tw/cp-169-10410-5dfbf-1.html |