PT-2025-39305 · Cisco · Cisco IOS XE

Published: 2025-09-24 · Updated: 2025-10-31 · CVE-2025-20334

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: A flaw exists in the HTTP API subsystem of Cisco IOS XE Software that may allow a remote attacker to inject commands that execute with root privileges on the underlying operating system. The root cause is inadequate input validation. An attacker with administrative privileges could exploit this by authenticating to an affected system and performing an API call with crafted input. An unauthenticated attacker could also persuade a legitimate user with administrative privileges to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Command Injection

Related Identifiers

BDU:2025-11724
CVE-2025-20334

Affected Products

Cisco IOS XE