A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems.
The vulnerability, tracked as CVE-2025-20341, impacts virtual appliances running on VMware ESXi and carries a high severity rating with a CVSS score of 8.8.
This flaw poses a major risk to organizations using these systems for network management and monitoring.
The vulnerability stems from poor input validation within the system. When users submit data through web requests, the software fails to properly check and verify the information.
This oversight creates an opportunity for attackers to send specially designed HTTP requests that trick the system into granting them higher privileges.
The attack can be carried out remotely over the network, making it particularly dangerous for exposed systems.
What makes this vulnerability concerning is that an attacker only needs basic access credentials to exploit it.
Someone with Observer role permissions, which are typically given to users who need to view system information, can use this flaw to elevate their privileges to Administrator level.
Once they gain administrator access, attackers can create new user accounts, modify system settings, and perform other unauthorized actions that compromise the security of the entire network infrastructure.
Cisco security researchers identified this vulnerability during work on a support case with the Technical Assistance Center.
The company has confirmed that no public exploits have been observed yet, which gives organizations a window to patch their systems before widespread attacks begin.
Technical Details and Mitigation
The vulnerability affects Cisco Catalyst Center Virtual Appliance versions 2.3.7.3-VA and later releases.
The security flaw is rooted in insufficient validation mechanisms that process user-supplied input through HTTP requests.
When the system receives these crafted requests, it fails to properly sanitize the data before processing privilege escalation operations.
Cisco has released version 2.3.7.10-VA as the fixed release that addresses this security issue. Organizations running affected versions should upgrade immediately to this patched version.
| CVE ID | CVSS Score | Affected Product | Vulnerable Versions | Fixed Version | Attack Vector |
|---|---|---|---|---|---|
| CVE-2025-20341 | 8.8 (High) | Cisco Catalyst Center Virtual Appliance (VMware ESXi) | 2.3.7.3-VA and later | 2.3.7.10-VA | Network (Remote) |
The company has stated that no workarounds are available, making the software update the only effective way to protect against this vulnerability.
Hardware appliances and AWS-based virtual appliances are not affected by this issue.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
