Cyber Posture

CVE-2025-20341

High · Updated

Published: 13 November 2025

Modified: 15 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (49.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-20341 is a high-severity Improper Access Control (CWE-284) vulnerability in Cisco Catalyst Center (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 49.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly addresses the root cause by requiring validation of user-supplied input in crafted HTTP requests to prevent malicious processing.

Prevent: Enforces approved access control policies to block unauthorized privilege escalations and system modifications despite Observer credentials.

Prevent: Applies least privilege to Observer role accounts, limiting the scope of potential damage from exploitation even if input validation fails.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1136 Create Account (tactic: Persistence)
Adversaries may create an account to maintain access to victim systems.

Why these techniques?

The vulnerability enables privilege escalation from Observer to Administrator via crafted HTTP requests (T1068) and facilitates unauthorized account creation (T1136).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.

Deeper analysis

CVE-2025-20341 is a privilege escalation vulnerability in the Cisco Catalyst Center Virtual Appliance, stemming from insufficient validation of user-supplied input. Published on 2025-11-13, it has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-284 (Improper Access Control). An authenticated, remote attacker could exploit this flaw to gain Administrator privileges on the affected system.

To exploit the vulnerability, an attacker requires valid credentials for a user account with at least the Observer role. By submitting a crafted HTTP request to the affected system, the attacker can perform unauthorized modifications, including creating new user accounts or elevating their own privileges to Administrator level.

The Cisco Security Advisory provides details on this vulnerability, including affected versions and mitigation recommendations, available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX.

Details

CWE(s): CWE-284 (Improper Access Control)

Affected Products

Cisco Catalyst Center (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

- CVE-2025-59230 (shared CWE-284)
- CVE-2025-60865 (shared CWE-284)
- CVE-2025-25614 (shared CWE-284)
- CVE-2025-24994 (shared CWE-284)
- CVE-2025-24173 (shared CWE-284)
- CVE-2025-21405 (shared CWE-284)
- CVE-2025-54914 (shared CWE-284)
- CVE-2025-48619 (shared CWE-284)
- CVE-2025-46691 (shared CWE-284)
- CVE-2025-21105 (shared CWE-284)
