CVE-2025-20116

Name of the Vulnerable Software and Affected Versions Cisco APIC (affected versions not specified)

Description A stored XSS attack can be performed by an authenticated, remote attacker on the web UI of the system. The issue arises from improper input validation in the web UI, allowing an attacker with valid administrative credentials to inject malicious code into specific pages. This could lead to the execution of arbitrary script code in the context of the web UI or access to sensitive, browser-based information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.