CVE-2025-20240 | Cisco IOS XE up to 17.16.1a Web UI incomplete denylist to cross-site scripting (cisco-sa-webui-xss-VWyDgjOU)

A vulnerability labeled as problematic has been found in Cisco IOS XE. This affects an unknown function of the component Web UI. Executing manipulation can lead to incomplete denylist to cross-site scripting.

This vulnerability is tracked as CVE-2025-20240. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More