CVE-2025-20166

Summary

CVE-2025-20166 is a vulnerability affecting the web-based management interface of Cisco Common Services Platform Collector (CSPC). This issue allows authenticated, remote attackers to carry out cross-site scripting (XSS) attacks on interface users. The vulnerability stems from inadequate input validation by the interface, enabling an attacker to inject malicious code. Successful exploitation could result in the execution of arbitrary script code or access to sensitive browser-based information. It is important to note that an attacker must possess at least a low-privileged account on the affected device to exploit this flaw. At present, Cisco has not released any software updates to rectify this vulnerability, leaving no known workarounds in place.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.