Cyber Resilience

CVE-2025-20341

Severity: High

Published: 13 November 2025
Modified: 15 April 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (50.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-20341 is a high-severity Improper Access Control (CWE-284) vulnerability in Cisco Catalyst Center (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 50.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-20341 is a privilege escalation vulnerability in the Cisco Catalyst Center Virtual Appliance, stemming from insufficient validation of user-supplied input. Published on 2025-11-13, it has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-284 (Improper Access Control). An authenticated, remote attacker could exploit this flaw to gain Administrator privileges on the affected system.

To exploit the vulnerability, an attacker requires valid credentials for a user account with at least the Observer role. By submitting a crafted HTTP request to the affected system, the attacker can perform unauthorized modifications, including creating new user accounts or elevating their own privileges to Administrator level.

The Cisco Security Advisory provides details on this vulnerability, including affected versions and mitigation recommendations, available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX.

Vulnerability details

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.

CWE(s)

CWE-284 (Improper Access Control)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068: Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1136: Create Account (tactic: Persistence)
Adversaries may create an account to maintain access to victim systems.

Why these techniques?

The vulnerability enables privilege escalation from Observer to Administrator via crafted HTTP requests (T1068) and facilitates unauthorized account creation (T1136).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57378 (shared CWE-284)
CVE-2024-56898 (shared CWE-284)
CVE-2026-48898 (shared CWE-284)
CVE-2026-25176 (shared CWE-284)
CVE-2026-48899 (shared CWE-284)
CVE-2026-37526 (shared CWE-284)
CVE-2024-56883 (shared CWE-284)
CVE-2026-42823 (shared CWE-284)
CVE-2026-0844 (shared CWE-284)
CVE-2026-41086 (shared CWE-284)

Affected Assets

Cisco Catalyst Center (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly addresses the root cause by requiring validation of user-supplied input in crafted HTTP requests to prevent malicious processing.

Prevent: Enforces approved access control policies to block unauthorized privilege escalations and system modifications despite Observer credentials.

Prevent: Applies least privilege to Observer role accounts, limiting the scope of potential damage from exploitation even if input validation fails.

References