CVE-2025-20338

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A flaw exists in the Command Line Interface (CLI) of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root on the affected device. This is due to inadequate validation of user-supplied arguments passed to specific CLI commands. An attacker must first log in to the device CLI with valid administrative credentials (level 15) and then use specially crafted commands at the CLI prompt to exploit this issue. A successful exploit could grant the attacker the ability to execute commands with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.