ID

VAR-202501-0173


CVE

CVE-2025-20123


TITLE

Cross-site scripting vulnerability in Cisco Systems Cisco Crosswork Network Controller

Trust: 0.8

sources: JVNDB: JVNDB-2025-009743

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. A cross-site scripting vulnerability exists in Cisco Systems Cisco Crosswork Network Controller. Information may be obtained and information may be tampered with. When the malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked.

Trust: 2.16

sources: NVD: CVE-2025-20123 // JVNDB: JVNDB-2025-009743 // CNVD: CNVD-2025-01383

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-01383

AFFECTED PRODUCTS

vendor: cisco, model: crosswork network controller, scope: lt, version: 5.0.4

Trust: 1.0

vendor: cisco, model: crosswork network controller, scope: gte, version: 5.0.0

Trust: 1.0

vendor: cisco, model: crosswork network controller, scope: gte, version: 7.0.0

Trust: 1.0

vendor: cisco, model: crosswork network controller, scope: lt, version: 6.0.3

Trust: 1.0

vendor: cisco, model: crosswork network controller, scope: lt, version: 7.0.1

Trust: 1.0

vendor: cisco, model: crosswork network controller, scope: gte, version: 6.0.0

Trust: 1.0

vendor: Cisco Systems, model: cisco crosswork network controller, scope: eq, version: 6.0.0 or later and earlier than 6.0.3

Trust: 0.8

vendor: Cisco Systems, model: cisco crosswork network controller, scope: eq, version: 7.0.0 or later and earlier than 7.0.1

Trust: 0.8

vendor: Cisco Systems, model: cisco crosswork network controller, scope: eq, version: 5.0.0 or later and earlier than 5.0.4

Trust: 0.8

vendor: Cisco Systems, model: cisco crosswork network controller, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: crosswork network controller, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-01383 // JVNDB: JVNDB-2025-009743 // NVD: CVE-2025-20123

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2025-20123
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-009743
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-01383
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-01383
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@cisco.com: CVE-2025-20123
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-009743
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-01383 // JVNDB: JVNDB-2025-009743 // NVD: CVE-2025-20123

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009743 // NVD: CVE-2025-20123

PATCH

title: cisco-sa-xwork-xss-KCcg7WwU, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xwork-xss-KCcg7WwU

Trust: 0.8

title: Patch for Cisco Crosswork Network Controller Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/651341

Trust: 0.6

sources: CNVD: CNVD-2025-01383 // JVNDB: JVNDB-2025-009743

EXTERNAL IDS

db: NVD, id: CVE-2025-20123

Trust: 3.2

db: JVNDB, id: JVNDB-2025-009743

Trust: 0.8

db: CNVD, id: CNVD-2025-01383

Trust: 0.6

sources: CNVD: CNVD-2025-01383 // JVNDB: JVNDB-2025-009743 // NVD: CVE-2025-20123

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2025-20123

Trust: 1.4

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xwork-xss-kccg7wwu

Trust: 1.0

sources: CNVD: CNVD-2025-01383 // JVNDB: JVNDB-2025-009743 // NVD: CVE-2025-20123

SOURCES

db: CNVD, id: CNVD-2025-01383
db: JVNDB, id: JVNDB-2025-009743
db: NVD, id: CVE-2025-20123

LAST UPDATE DATE

2025-07-26T23:19:28.148000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-01383, date: 2025-01-14T00:00:00
db: JVNDB, id: JVNDB-2025-009743, date: 2025-07-24T06:44:00
db: NVD, id: CVE-2025-20123, date: 2025-07-23T15:39:33.987

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-01383, date: 2025-01-14T00:00:00
db: JVNDB, id: JVNDB-2025-009743, date: 2025-07-24T00:00:00
db: NVD, id: CVE-2025-20123, date: 2025-01-08T16:15:38.150