Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20178

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.

Published

2025-04-16T16:15:29.457

Last Modified

2025-08-01T18:31:17.653

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-347
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.0 Yes
Application cisco secure_network_analytics 7.5.1 Yes
Application cisco secure_network_analytics 7.5.1 Yes
Application cisco secure_network_analytics 7.5.1 Yes
Application cisco secure_network_analytics 7.5.1 Yes
Application cisco secure_network_analytics 7.5.1 Yes
Application cisco secure_network_analytics 7.5.1 Yes
Application cisco secure_network_analytics 7.5.2 Yes
References