- 253/2025
- High
Cisco has released security updates to fix several vulnerabilities affecting Cisco Catalyst Center, both virtual and hardware appliances.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, perform phishing attacks, gain elevated privileges, or execute arbitrary commands in a restricted container with root privileges, and gain access to the affected product.
Sample of addressed vulnerabilities:
1. Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability (CVE-2025-20341):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Cisco Catalyst Center Cross-Site Scripting Vulnerability (CVE-2025-20353):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2025-20341
- CVE-2025-20346
- CVE-2025-20349
- CVE-2025-20353
- CVE-2025-20355
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.