A serious security vulnerability has been discovered in Cisco Catalyst Center Virtual Appliance, allowing attackers with low-level access to escalate privileges and gain full administrator control.
This flaw, tracked as CVE-2025-20341, carries a CVSS score of 8.8 (High) and poses a major risk to organizations using these appliances for network management.
What is CVE-2025-20341?
The vulnerability affects Cisco Catalyst Center Virtual Appliances running on VMware ESXi. It stems from poor input validation in HTTP request handling.
Attackers can send specially crafted HTTP requests that bypass validation checks, tricking the system into granting elevated privileges.
Why is this vulnerability critical?
- Remote exploitation possible: Attack can be launched over the network.
- Minimal access required: Even users with Observer role can exploit it.
- Full control after exploitation: Attackers can:
- Create new accounts
- Modify system settings
- Compromise network infrastructure
Technical Details
- CVE ID: CVE-2025-20341
- CVSS Score: 8.8 (High)
- Affected Product: Cisco Catalyst Center Virtual Appliance (VMware ESXi)
- Vulnerable Versions: 2.3.7.3-VA and later
- Fixed Version: 2.3.7.10-VA
- Attack Vector: Network (Remote)
| CVE ID | CVSS Score | Product | Vulnerable Versions | Fixed Version | Attack Vector |
|---|---|---|---|---|---|
| CVE-2025-20341 | 8.8 (High) | Cisco Catalyst Center Virtual Appliance | 2.3.7.3-VA and later | 2.3.7.10-VA | Network |
How to Mitigate the Risk
- Update immediately: Cisco released version 2.3.7.10-VA to patch the flaw.
- No workarounds available: The update is the only effective solution.
- Not affected: Hardware appliances and AWS-based virtual appliances.
FAQ
Are there public exploits yet?
No, Cisco reports no known exploits at this time.
Who is at risk?
Organizations running Cisco Catalyst Center Virtual Appliances on VMware ESXi.
How urgent is the update?
Critical – patch immediately to prevent remote attacks.
