PT-2025-20280 · Cisco · Cisco Catalyst Center
Published
2025-05-07
·
Updated
2025-07-23
·
CVE-2025-20223
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Cisco Catalyst Center versions (affected versions not specified)
Description
A vulnerability could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This issue is due to insufficient enforcement of access control on HTTP requests. An attacker could exploit this by submitting a crafted HTTP request to an affected device, potentially allowing them to read and modify data handled by an internal service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Catalyst Center