CVE-2025-20123

Name of the Vulnerable Software and Affected Versions Cisco Crosswork Network Controller (affected versions not specified)

Description The vulnerability exists in the web-based management interface of Cisco Crosswork Network Controller due to improper validation of user-supplied input. An authenticated, remote attacker could exploit this issue by inserting malicious data into specific data fields in the interface, potentially allowing the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. The attacker must have valid administrative credentials to exploit this vulnerability.

Recommendations For all affected versions, update to the latest software version released by Cisco, which addresses these vulnerabilities. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface with administrative credentials from untrusted sources until the issue is resolved. At the moment, there are no other workarounds that address these vulnerabilities.