Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-20293

CVSS 5.3 · Medium EPSS 0.03% · P8
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-20293

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. This vulnerability is due to incomplete cleanup upon completion of the Day One setup process. An attacker could exploit this vulnerability by sending Simple Certificate Enrollment Protocol (SCEP) requests to an affected device. A successful exploit could allow the attacker to request a certificate from the virtual wireless controller and then use the acquired certificate to join an attacker-controlled device to the virtual wireless controller.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
清理环节不完整
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IOS XE Software 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IOS XE Software是美国思科(Cisco)公司的一种网络操作系统。 Cisco IOS XE Software存在安全漏洞,该漏洞源于Day One设置过程清理不完整,可能导致未经身份验证的远程攻击者访问PKI服务器。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco IOS XE Software 16.10.1 -

II. Public POCs for CVE-2025-20293

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-20293

登录查看更多情报信息。

Same Patch Batch · Cisco · 2025-09-24 · 17 CVEs total

CVE-2025-203348.8 HIGHCisco IOS XE 命令注入漏洞
CVE-2025-203158.6 HIGHCisco IOS XE 安全漏洞
CVE-2025-201608.1 HIGHCisco IOS和Cisco IOS XE Software 授权问题漏洞
CVE-2025-203277.7 HIGHCisco IOS 安全漏洞
CVE-2025-203127.7 HIGHCisco IOS XE 安全漏洞
CVE-2025-203527.7 HIGHCisco IOS和Cisco IOS XE Software 安全漏洞
CVE-2025-203117.4 HIGHCisco IOS XE Software 代码问题漏洞
CVE-2025-203146.7 MEDIUMCisco IOS XE 安全漏洞
CVE-2025-203136.7 MEDIUMCisco IOS XE 安全漏洞
CVE-2025-201496.5 MEDIUMCisco IOS和Cisco IOS XE 安全漏洞
CVE-2025-202406.1 MEDIUMCisco IOS XE Software 安全漏洞
CVE-2025-203386.0 MEDIUMCisco IOS XE 安全漏洞
CVE-2025-203395.8 MEDIUMCisco SD-WAN vEdge Software Access Control List Bypass Vulnerability
CVE-2025-203165.3 MEDIUMCisco IOS XE 访问控制错误漏洞
CVE-2025-203654.3 MEDIUMCisco Access Point Software 安全漏洞
CVE-2025-203644.3 MEDIUMCisco Wireless LAN Controller 安全漏洞

IV. Related Vulnerabilities

Same product: Cisco IOS XE Software
Same vendor: Cisco
Same weakness: CWE-459

V. Comments for CVE-2025-20293

No comments yet

Leave a comment