CVE-2025-20338
MEDIUMDescription
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
References
Frequently Asked Questions
What is CVE-2025-20338? +
How severe is CVE-2025-20338? +
What products are affected by CVE-2025-20338? +
How do I check if I'm vulnerable to CVE-2025-20338? +
Related Vulnerabilities
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit …
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP …
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. …
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles …
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload …
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) …