CVE-2025-20223
Description
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP requests. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated, remote attacker can read and modify data in an internal service repository on Cisco Catalyst Center due to insufficient HTTP access control enforcement.
Vulnerability
A vulnerability in Cisco Catalyst Center (formerly Cisco DNA Center) allows an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device [1]. The root cause is insufficient enforcement of access control on HTTP requests [1]. This vulnerability affects Cisco Catalyst Center deployments that have Disaster Recovery enabled; Disaster Recovery is not enabled by default [1].
Exploitation
An attacker must hold valid credentials for the affected device and must be able to reach it with HTTP requests [1]. The description characterises the attacker only as authenticated; it does not state a specific privilege level and mentions no user interaction. To exploit the vulnerability, the attacker submits a crafted HTTP request to the affected device [1]; the description does not identify the request, the endpoint, or the internal service whose repository is exposed.
Impact
Successful exploitation allows the attacker to read and modify data that is handled by an internal service on the affected device [1]. This can lead to unauthorized access to sensitive data and potential corruption or manipulation of service data, affecting confidentiality and integrity of the system.
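The bug class described in the Vulnerability and Exploitation sections, as an added example that is not Cisco's code and does not reproduce the actual affected endpoint: a hypothetical HTTP service whose `/internal/repo/` route (an assumed name) authenticates the caller but, in the vulnerable form, never checks whether that caller is authorized to act on the internal service's repository. The hardened form denies by default and requires the role the route is reserved for. Tokens, roles, and repository contents are constructed sample data.

```python
# Added illustration of the bug class (hypothetical code, not Cisco Catalyst
# Center's): an HTTP handler that checks *who* the caller is but never checks
# whether that caller may touch an internal service's repository.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed sample data: a key/value repository owned by an internal service.
INTERNAL_REPO: Dict[str, str] = {"backup-policy": "retain=7d"}

# Constructed session table: bearer token -> (principal, roles). Only the
# internal service itself is meant to read or write the repository.
SESSIONS: Dict[str, Tuple[str, FrozenSet[str]]] = {
    "tok-operator": ("operator", frozenset({"network-admin"})),
    "tok-dr-service": ("dr-service", frozenset({"internal-service"})),
}

REPO_PREFIX = "/internal/repo/"  # hypothetical route, not a real endpoint


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass
class Response:
    status: int
    body: str = ""


def authenticate(req: Request) -> Optional[Tuple[str, FrozenSet[str]]]:
    """Map the bearer token to a session, or None if the caller is unknown."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):].strip())


def repo_operation(req: Request, repo: Dict[str, str]) -> Response:
    """The repository itself: GET reads a key, PUT overwrites it."""
    if not req.path.startswith(REPO_PREFIX):
        return Response(404)
    key = req.path[len(REPO_PREFIX):]
    if req.method == "GET":
        return Response(200, repo[key]) if key in repo else Response(404)
    if req.method == "PUT":
        repo[key] = req.body
        return Response(204)
    return Response(405)


def vulnerable_handler(req: Request, repo: Dict[str, str]) -> Response:
    """Insufficient access control: authentication is the only gate, so any
    valid user can read and modify data that belongs to the internal service."""
    if authenticate(req) is None:
        return Response(401)
    return repo_operation(req, repo)


def hardened_handler(req: Request, repo: Dict[str, str]) -> Response:
    """Authorization enforced per request: deny by default unless the caller
    holds the role the repository route is reserved for."""
    session = authenticate(req)
    if session is None:
        return Response(401)
    _principal, roles = session
    if "internal-service" not in roles:
        return Response(403)
    return repo_operation(req, repo)


def demo() -> Dict[str, object]:
    """Replay one crafted PUT from an ordinary authenticated user against
    both handlers, each with its own copy of the repository."""
    crafted = Request("PUT", REPO_PREFIX + "backup-policy",
                      {"Authorization": "Bearer tok-operator"}, "retain=0d")
    vuln_repo, hard_repo = dict(INTERNAL_REPO), dict(INTERNAL_REPO)
    vuln = vulnerable_handler(crafted, vuln_repo)
    hard = hardened_handler(crafted, hard_repo)
    return {
        "vulnerable_status": vuln.status,
        "vulnerable_value": vuln_repo["backup-policy"],
        "hardened_status": hard.status,
        "hardened_value": hard_repo["backup-policy"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it directly to see the two outcomes side by side: the same authenticated PUT succeeds (204) and overwrites the value against the vulnerable handler, and is refused (403) with the value intact against the hardened one. The practical check this suggests for any similar service is to enumerate routes and confirm each applies an authorization decision in addition to authentication, rather than relying on a route being "internal".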
Mitigation
Cisco has released software updates that address this vulnerability; there are no workarounds [1]. Administrators should upgrade to the fixed software versions listed in the Cisco Security Advisory [1]. Because the vulnerability affects only deployments with Disaster Recovery enabled, turning that feature off may reduce the attack surface, but Cisco does not publish this as a workaround and it gives up the disaster-recovery capability; applying the fixed release is the supported remediation [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: N/A
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.