CVE Alert

CVE-2025-20164

Severity: HIGH
CVSS Score: 8.3
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

CWE: CWE-862
Vendor: cisco
Product: ios
Industries: Technology, Mobile, Networking, Telecommunications
Published: May 7, 2025
Last Updated: Feb 26, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: High

Affected Versions

Cisco / IOS
15.0(2)SE8 15.0(2)EA 15.0(2)EA1 15.2(2)E 15.2(2)E1 15.2(3)E1 15.2(2)E2 15.2(2)E3 15.2(2a)E2 15.2(3)E2 15.2(3)E3 15.2(2)E4 15.2(2)E5 15.2(3)E4 15.2(5)E 15.2(2)E6 15.2(5)E1 15.2(2)E5a 15.2(5a)E1 15.2(2)E7 15.2(5)E2 15.2(6)E 15.2(5)E2c 15.2(2)E8 15.2(6)E0a 15.2(6)E1 15.2(6)E0c 15.2(2)E9 15.2(7)E 15.2(2)E10 15.2(6)E2a 15.2(7)E0b 15.2(7)E0s 15.2(6)E3 15.2(7)E2 15.2(7)E3 15.2(7)E1a 15.2(7)E4 15.2(8)E 15.2(8)E1 15.2(7)E5 15.2(7)E6 15.2(8)E2 15.2(7)E7 15.2(8)E3 15.2(7)E8 15.2(8)E4 15.2(7)E9 15.2(8)E5 15.2(8)E6 15.2(7)E10 15.2(7)E11 15.2(1)EY 15.0(2)EK 15.0(2)EK1 15.2(2)EB 15.2(2)EB1 15.2(2)EB2 15.2(6)EB 15.2(2)EA 15.2(2)EA2 15.2(3)EA 15.2(4)EA 15.2(4)EA1 15.2(2)EA3 15.2(4)EA4 15.2(4)EA5 15.2(4)EA6 15.2(4)EA7 15.2(4)EA8 15.2(4)EA9 15.2(4)EA9a 15.2(4)EC1 15.2(4)EC2 15.3(3)JPU

References

NVD, CVE.org, EPSS Data
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3