PT-2025-22397 · Cisco · Cisco Duo

Published: 2025-05-21 · Updated: 2025-05-28 · CVE-2025-20258

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Duo (affected versions not specified)

Description

A vulnerability in the self-service portal could allow an unauthenticated, remote attacker to inject arbitrary commands into emails sent by the service. The issue is due to insufficient input validation; an attacker could exploit it by injecting arbitrary commands into a portion of an email. A successful exploit could allow the attacker to send emails containing malicious content to unsuspecting users.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06737
CVE-2025-20258

Affected Products

Cisco Duo