A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Cisco |
|
No data.
No data.
References
History
Fri, 14 Nov 2025 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Cisco
Cisco digital Network Architecture Center |
|
| Vendors & Products |
Cisco
Cisco digital Network Architecture Center |
Thu, 13 Nov 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 13 Nov 2025 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. | |
| Title | Cisco Catalyst Center Software HTTP Open Redirect Vulnerability | |
| Weaknesses | CWE-601 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2025-11-13T16:18:14.450Z
Updated: 2025-11-13T16:51:21.740Z
Reserved: 2024-10-10T19:15:13.257Z
Link: CVE-2025-20355
Vulnrichment
Updated: 2025-11-13T16:50:59.803Z
NVD
Status : Awaiting Analysis
Published: 2025-11-13T17:15:46.220
Modified: 2025-11-14T16:42:03.187
Link: CVE-2025-20355
Redhat
No data.