CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Security Analyst (Read Only).

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.1:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.2:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.3:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4.1:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.1:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.2:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.6:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.7:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8.1:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.2.9:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.4.0:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1.1:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2:::::::*
	cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.1:::::::*

History

No history.

Information

Published : 2025-08-14 17:15

Updated : 2025-08-25 14:44

NVD link : CVE-2025-20148

Mitre link : CVE-2025-20148

CVE.ORG link : CVE-2025-20148

JSON object : View

Products Affected

cisco

secure_firewall_management_center

CWE

CWE-20

Improper Input Validation

8.5 /10