Cisco Catalyst Center Vulnerability Allows Attackers to Escalate Privileges

A critical security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance that could enable authenticated, remote attackers to escalate their privileges to Administrator on affected systems.

This vulnerability, tracked as CVE-2025-20341 and caused by insufficient validation of user-supplied input, underscores the urgent need for patching among organizations that use the affected platform.

The vulnerability resides within the Cisco Catalyst Center Virtual Appliance running on VMware ESXi.

According to Cisco’s official advisory, the vulnerability allows an attacker with legitimate credentials (specifically, any user account holding at least the Observer role) to submit crafted HTTP requests to the system.

Successful exploitation enables attackers to perform unauthorized system modifications, such as creating new user accounts or elevating their own privileges, thereby compromising the appliance’s administrative controls.

This risk is especially concerning because attackers do not need initial Administrator privileges to exploit the vulnerability. Instead, any valid Observer-level account provides a foothold for privilege escalation, significantly expanding the potential attack surface within organizations using this infrastructure.

Product Scope and Impact

The vulnerability exclusively affects Cisco Catalyst Center Virtual Appliances deployed on VMware ESXi, regardless of device configuration.

Catalyst Center hardware appliances and virtual appliances deployed on Amazon Web Services (AWS) are confirmed not to be vulnerable.

Only the products explicitly listed in the Vulnerable Products section of Cisco’s advisory are impacted, ensuring a targeted upgrade path for customers.

For details on which software releases are vulnerable and which contain the required fix, Cisco directs administrators to the advisory’s Fixed Software section.

Notably, Catalyst Center versions earlier than 2.3.7.3-VA and version 3.1 are not affected, while releases 2.3.7.3-VA and later require an upgrade to at least 2.3.7.10-VA to resolve the issue.

Cisco emphasizes that there are no viable workarounds or temporary mitigations. Customers must upgrade to the fixed software release to protect against exploitation. This underscores the urgency for administrators to promptly identify if their deployment falls within the affected versions and schedule immediate updates.

At the time of the advisory’s release, Cisco’s Product Security Incident Response Team (PSIRT) had not detected any evidence of malicious exploitation or public announcements regarding this vulnerability.

The issue was discovered internally as part of a Cisco Technical Assistance Center (TAC) support case, rather than through external reporting or detection of in-the-wild attacks.

Cisco strongly urges all customers using the affected products to consult the official security advisory and immediately upgrade to a fixed software release.

Since no workarounds exist, this is the only reliable means of mitigating the risk and ensuring continued security compliance.

Administrators are advised to review their current deployment, verify the running Catalyst Center version, and apply upgrades as indicated in Cisco’s documentation. Applying these fixes not only addresses the immediate privilege escalation vulnerability but also affirms best practices in proactive cybersecurity risk management.
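One way to triage a fleet against the platform and version scope described above, as an added example that is not Cisco's code: it assumes the platform labels ('esxi', 'aws', 'hardware'), the version string format and the sample inventory shown, and sends anything outside the ranges named in the article back to the advisory rather than guessing.

```python
# Added triage helper (not Cisco's code): classifies a Catalyst Center
# deployment against the CVE-2025-20341 scope stated in the article.
# Platform labels, hostnames and versions below are constructed examples.

FIRST_AFFECTED = (2, 3, 7, 3)   # 2.3.7.3-VA and later are affected
FIRST_FIXED = (2, 3, 7, 10)     # fixed in 2.3.7.10-VA and later
UNAFFECTED_TRAIN = (3, 1)       # release 3.1 is listed as not affected
AFFECTED_PLATFORM = "esxi"      # only the virtual appliance on VMware ESXi

def parse_version(text):
    """'2.3.7.10-VA' -> ((2, 3, 7, 10), 'VA'); the suffix may be absent."""
    core, _, suffix = text.strip().partition("-")
    return tuple(int(p) for p in core.split(".")), suffix.upper()

def assess(platform, version):
    """Triage one deployment; platform is 'esxi', 'aws' or 'hardware'."""
    if platform.strip().lower() != AFFECTED_PLATFORM:
        return "not_affected_platform"      # hardware and AWS are out of scope
    parts, _suffix = parse_version(version)
    if parts[:2] == UNAFFECTED_TRAIN:
        return "not_affected_version"
    if parts[0] > FIRST_FIXED[0]:
        # Trains other than 2.x and 3.1 are not named in the summary above;
        # defer to the advisory's Fixed Software table rather than guess.
        return "check_advisory"
    if parts < FIRST_AFFECTED:
        return "not_affected_version"
    if parts < FIRST_FIXED:
        return "vulnerable_upgrade_required"
    return "fixed"

def hosts_needing_upgrade(inventory):
    """Return, sorted, the hostnames whose deployment must be upgraded."""
    return sorted(host for host, (platform, version) in inventory.items()
                  if assess(platform, version) == "vulnerable_upgrade_required")

# Constructed sample inventory: hostname -> (platform, running version).
INVENTORY = {
    "dnac-lab-01": ("esxi", "2.3.7.3-VA"),
    "dnac-prod-02": ("esxi", "2.3.7.10-VA"),
    "dnac-prod-03": ("esxi", "2.3.7.7-VA"),
    "dnac-old-04": ("esxi", "2.3.7.2-VA"),
    "dnac-aws-05": ("aws", "2.3.7.5-VA"),
    "dnac-hw-06": ("hardware", "2.3.7.6"),
}

if __name__ == "__main__":
    for host, (platform, version) in INVENTORY.items():
        print(f"{host}: {platform} {version} -> {assess(platform, version)}")
```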
