CVE-2025-20346

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:catalyst_center:*:*:*:*:*:*:*:*

History

19 Nov 2025, 17:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:cisco:catalyst_center::::::::
CWE		NVD-CWE-noinfo
First Time		Cisco Cisco catalyst Center
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU - Vendor Advisory

13 Nov 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-13 17:15

Updated : 2025-11-19 17:16

NVD link : CVE-2025-20346

Mitre link : CVE-2025-20346

CVE.ORG link : CVE-2025-20346

JSON object : View

Products Affected

cisco

catalyst_center

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

4.3 /10