Cisco IOS XE Software Web-Based Management Interface Vulnerabilities

SecurityVulns

Multiple vulnerabilities in the web-based management interface of Cisco IOS XE Software could allow a remote attacker to read files from the underlying operating system, read limited parts of the configuration file, clear the syslog, or conduct a cross-site request forgery (CSRF) attack on an affected device, depending on their privilege level.

For more information about these vulnerabilities, see the <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6?vs_f=Cisco Security Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco IOS XE Software Web-Based Management Interface Vulnerabilities%26vs_k=1#details">Details</a> section of this advisory.

This advisory is available at the following link: <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6</a>

This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.

Security Impact Rating: Medium

CVE: CVE-2025-20193, CVE-2025-20194, CVE-2025-20195