CVE-2025-20168
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2025-20168 is a vulnerability affecting the web-based management interface of Cisco Common Services Platform Collector (CSPC). This issue permits authenticated, remote attackers to execute cross-site scripting (XSS) attacks on users of the interface. The root cause of this vulnerability is insufficient input validation by the interface, enabling attackers to inject malicious code. Successful exploitation could lead to arbitrary script execution or access to sensitive browser information. To exploit this vulnerability, an attacker needs a low-privileged account on an affected device. Unfortunately, Cisco has not yet released software updates to mitigate this issue, leaving no current solution to address it.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.