CVE-2025-20258
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users.
| CWE | CWE-77 |
| Vendor | cisco |
| Product | cisco duo |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | May 21, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco duo
Be the first to know when new medium vulnerabilities affecting cisco cisco duo are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Cisco / Cisco Duo
N/A