๐Ÿ” CVE Alert

CVE-2025-20261

HIGH 8.8

Cisco Integrated Management Controller Privilege Escalation Vulnerability

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.

CWE CWE-923
Vendor cisco
Product cisco unified computing system (managed)
Ecosystems
Industries
NetworkingTelecommunications
Published Jun 4, 2025
Last Updated Feb 26, 2026
Stay Ahead of the Next One

Get instant alerts for cisco cisco unified computing system (managed)

Be the first to know when new high vulnerabilities affecting cisco cisco unified computing system (managed) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Cisco / Cisco Unified Computing System (Managed)
4.0(1a) 3.2(3n) 4.1(1a) 4.1(1b) 4.0(4h) 4.1(1c) 3.2(3k) 3.2(2c) 4.0(4e) 4.0(4g) 3.2(3i) 4.0(2e) 3.2(3g) 4.0(4a) 4.0(2d) 3.2(2d) 4.0(1b) 4.0(4f) 3.2(3h) 3.2(2f) 4.0(4c) 3.2(3a) 4.0(1c) 3.2(3d) 3.2(2b) 4.0(4b) 3.2(2e) 4.0(2b) 4.0(4d) 3.2(1d) 3.2(3e) 3.2(3l) 3.2(3b) 4.0(2a) 3.2(3j) 4.0(1d) 3.2(3o) 4.0(4i) 4.1(1d) 4.1(2a) 4.1(1e) 3.2(3p) 4.1(2b) 4.0(4k) 4.1(3a) 4.1(3b) 4.1(2c) 4.0(4l) 4.1(4a) 4.1(3c) 4.1(3d) 4.2(1c) 4.2(1d) 4.0(4m) 4.1(3e) 4.2(1f) 4.1(3f) 4.2(1i) 4.2(1k) 4.0(4n) 4.1(3h) 4.2(1l) 4.2(1m) 4.1(3i) 4.2(2a) 4.2(1n) 4.1(3j) 4.2(2c) 4.2(2d) 4.2(3b) 4.1(3k) 4.0(4o) 4.2(2e) 4.2(3d) 4.2(3e) 4.2(3g) 4.1(3l) 4.3(2b) 4.2(3h) 4.2(3i) 4.3(2c) 4.1(3m) 4.3(2e) 4.3(3a) 4.2(3j) 4.3(3c) 4.3(4a) 4.3(4b) 4.3(2f) 4.1(3n)
Cisco / Cisco Unified Computing System (Standalone)
4.0(2g) 3.1(2i) 3.1(1d) 4.0(4i) 4.1(1c) 4.0(2c) 4.0(1e) 4.0(2h) 4.0(4h) 4.0(1h) 4.0(2l) 3.1(3g) 4.0(1.240) 4.0(2f) 4.0(1g) 4.0(2i) 3.1(3i) 4.0(4d) 4.1(1d) 3.1(3c) 4.0(4k) 3.1(2d) 3.1(3a) 3.1(3j) 4.0(2d) 4.1(1f) 4.0(4j) 4.0(2m) 4.0(2k) 4.0(1c) 4.0(4f) 4.0(4c) 3.1(3d) 3.1(2g) 3.1(2c) 4.0(1d) 3.1(2e) 4.0(1a) 4.0(1b) 3.1(3b) 4.0(4b) 3.1(2b) 4.0(4e) 3.1(3h) 4.0(4l) 4.1(1g) 4.1(2a) 4.0(2n) 4.1(1h) 3.1(3k) 4.1(2b) 4.0(2o) 4.0(4m) 4.1(2d) 4.1(3b) 4.0(2p) 4.1(2e) 4.1(2f) 4.0(4n) 4.0(2q) 4.1(3c) 4.0(2r) 4.1(3d) 4.1(2g) 4.1(2h) 4.1(3g) 4.1(3f) 4.1(2j) 4.1(2k) 4.1(3h) 4.2(2a) 4.1(3i) 4.1(3l) 4.2(1e) 4.2(1b) 4.2(1j) 4.2(1i) 4.2(1f) 4.2(1a) 4.2(1c) 4.2(1g) 4.1(2l) 4.1(3m) 4.1(2m) 4.1(3n)

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM