cvelistv5 - cve-2025-20148

CVE-2025-20148 (GCVE-0-2025-20148)

Vulnerability from cvelistv5

Published

2025-08-14 16:28

Modified

2025-08-14 19:21

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE

CWE-20 - Improper Input Validation

Summary

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Security Analyst (Read Only).

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Firepower Management Center	Version: 7.2.4 Version: 7.0.6 Version: 7.2.4.1 Version: 7.2.5 Version: 7.4.0 Version: 7.0.6.1 Version: 7.2.5.1 Version: 7.4.1 Version: 7.2.6 Version: 7.4.1.1 Version: 7.0.6.2 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.4.2 Version: 7.2.8.1 Version: 7.0.6.3 Version: 7.4.2.1 Version: 7.2.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-14T18:41:04.289481Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-14T19:21:14.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Firepower Management Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.0.6"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.2"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.3"
            },
            {
              "status": "affected",
              "version": "7.4.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.\r\n\r\nThis vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Security Analyst (Read Only)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-14T16:28:24.190Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-fmc-html-inj-MqjrZrny",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny"
        }
      ],
      "source": {
        "advisory": "cisco-sa-fmc-html-inj-MqjrZrny",
        "defects": [
          "CSCwk85702"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Secure Firewall Management Center HTML Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20148",
    "datePublished": "2025-08-14T16:28:24.190Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-08-14T19:21:14.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-0708

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Se référer au bulletin de l'éditeur (cf. section Documentation) pour les systèmes affectés.

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-3100	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-fmc-radius-rce-TNBKf79	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-fmc-html-inj-MqjrZrny	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-fp2k-IPsec-dos-tjwgdZCO	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-asa-buffer-overflow-PyRUhWBC	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ftd-dos-SvKhtjgt	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-asaftd-http-file-hUyX2jL4	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-asa-ftd-ios-dos-DOESHWHy	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-asaftd-ssltls-dos-eHw76vZe	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-asaftd-nat-dns-dos-bqhynHTM	2025-08-14	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-asaftd-vpn-dos-mfPekA6e	2025-08-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Se r\u00e9f\u00e9rer au bulletin de l\u0027\u00e9diteur (cf. section Documentation) pour les syst\u00e8mes affect\u00e9s.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-20253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20253"
    },
    {
      "name": "CVE-2025-20148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20148"
    },
    {
      "name": "CVE-2025-20265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20265"
    },
    {
      "name": "CVE-2025-20134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20134"
    },
    {
      "name": "CVE-2025-20263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20263"
    },
    {
      "name": "CVE-2025-20127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20127"
    },
    {
      "name": "CVE-2025-20133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20133"
    },
    {
      "name": "CVE-2025-20136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20136"
    },
    {
      "name": "CVE-2025-20254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20254"
    },
    {
      "name": "CVE-2025-20217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20217"
    },
    {
      "name": "CVE-2025-20224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20224"
    },
    {
      "name": "CVE-2025-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20225"
    },
    {
      "name": "CVE-2025-20243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20243"
    },
    {
      "name": "CVE-2025-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20239"
    },
    {
      "name": "CVE-2025-20244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20244"
    },
    {
      "name": "CVE-2025-20222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20222"
    },
    {
      "name": "CVE-2025-20251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20251"
    },
    {
      "name": "CVE-2025-20252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20252"
    }
  ],
  "initial_release_date": "2025-08-18T00:00:00",
  "last_revision_date": "2025-08-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0708",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-3100",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fmc-radius-rce-TNBKf79",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fmc-html-inj-MqjrZrny",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fp2k-IPsec-dos-tjwgdZCO",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2k-IPsec-dos-tjwgdZCO"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asa-buffer-overflow-PyRUhWBC",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-buffer-overflow-PyRUhWBC"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-dos-SvKhtjgt",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-SvKhtjgt"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-http-file-hUyX2jL4",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-http-file-hUyX2jL4"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asa-ftd-ios-dos-DOESHWHy",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-ssltls-dos-eHw76vZe",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-nat-dns-dos-bqhynHTM",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nat-dns-dos-bqhynHTM"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-vpn-dos-mfPekA6e",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-20148 (GCVE-0-2025-20148)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0708

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature