CVE-2025-20240 in IOS XE
요약
\~에 의해 MITRE • 2025. 09. 24.
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device.
This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute a reflected XSS attack and steal user cookies from the affected device.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.