【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-20334) exists in Cisco IOS XE.

Publish date: 2025-10-03   Update date: 2025-10-03

Source: Ministry of Education Information & Communication Security Contingency Platform

Publication Number: TACERT-ANA-2025093009095757
Publication Time: 2025/09/30 09:11
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/09/30 09:11
Impact Level: Low
[Subject]
【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-20334) exists in Cisco IOS XE.
[Content]
Forwarded from TWCERTCC-200-202509-00000014

Cisco has issued a critical security advisory (CVE-2025-20334, CVSS: 8.8). The vulnerability exists in the HTTP API subsystem of Cisco IOS XE and is caused by insufficient input validation. An authenticated attacker with administrator privileges could exploit it by sending specially crafted API requests to the affected system. An unauthenticated remote attacker could also trigger it by tricking a legitimate administrator into clicking a crafted link. Successful exploitation allows the attacker to execute arbitrary commands as root on the affected system.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
If the HTTP Server feature is enabled on a Cisco IOS XE system, check the official Cisco advisory to verify which software versions are affected by this vulnerability:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL#fs
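The condition above (HTTP Server feature enabled) is what puts a device in scope for the version check. The following screening script is an added example, not part of the TACERT/TWCERT notice or of Cisco's advisory: it parses exported `show running-config` text for the `ip http server` / `ip http secure-server` commands and their `no` forms. The sample configuration is constructed, and treating an absent command as "disabled" is an assumption that should be confirmed on the device itself.

```python
import re

# Constructed sample of "show running-config" output (hypothetical device).
SAMPLE_RUNNING_CONFIG = """\
version 17.9
hostname edge-router-01
!
ip http server
no ip http secure-server
ip http authentication local
!
end
"""

# Matches the commands that enable/disable the IOS XE HTTP Server feature.
# "ip http authentication ..." and similar sub-commands deliberately do not match.
_HTTP_SERVER_RE = re.compile(
    r"^(?P<neg>no\s+)?ip\s+http\s+(?P<kind>server|secure-server)\s*$"
)


def http_server_state(running_config: str) -> dict:
    """Return {'http': bool, 'https': bool} derived from running-config text.

    The last matching line wins, so a later 'no ip http server' overrides an
    earlier 'ip http server'. A command that never appears is reported as
    disabled (assumption: confirm with the device, e.g. via its own
    'show ip http server status' output).
    """
    state = {"http": False, "https": False}
    for raw in running_config.splitlines():
        m = _HTTP_SERVER_RE.match(raw.strip())
        if not m:
            continue
        key = "https" if m.group("kind") == "secure-server" else "http"
        state[key] = m.group("neg") is None  # "no ..." form disables it
    return state


def http_feature_enabled(running_config: str) -> bool:
    """True if either HTTP or HTTPS server is on, i.e. the device is in
    scope for the affected-version check in the advisory."""
    state = http_server_state(running_config)
    return state["http"] or state["https"]


if __name__ == "__main__":
    print(http_server_state(SAMPLE_RUNNING_CONFIG))
    print("in scope for version check:", http_feature_enabled(SAMPLE_RUNNING_CONFIG))
```

Run it over each exported configuration in a fleet to build the list of devices whose software version then needs to be compared against the affected-version table in the Cisco advisory.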

[Recommended Actions]
Please refer to the official advisory for update instructions:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL

[Reference]
https://www.twcert.org.tw/tw/cp-169-10410-5dfbf-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center