Unrated severityNVD Advisory· Published May 7, 2025· Updated May 7, 2025
Cisco SD-WAN vManage Stored Cross-Site Scripting Vulnerability
CVE-2025-20147
Description
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system.
This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 20.1.12
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.