Cisco Catalyst Center Vulnerability

Source: Cyber Security News

A significant security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance, allowing attackers with basic access to escalate their privileges to administrator level. The flaw, tracked as CVE-2025-20341, has a high severity rating of 8.8 and impacts virtual appliances on VMware ESXi. Attackers can exploit this vulnerability by sending specially crafted HTTP requests that bypass input validation mechanisms, granting them unauthorized access to critical system functions.

Cisco has confirmed that the vulnerability affects versions 2.3.7.3-VA and later of the Catalyst Center Virtual Appliance. Organizations are urged to upgrade to the patched version 2.3.7.10-VA to mitigate the risks. Currently, no public exploits have been reported, providing a crucial window for organizations to secure their systems before potential attacks occur. Hardware appliances and AWS-based virtual appliances are unaffected. Organizations using vulnerable versions should prioritize this update to maintain their network security.
