CVE-2025-20164

HIGH Year: 2025
CVSS v3 Score
8.3
High
Weakness Type
CWE-862
View all →

Vulnerability Description

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

Related Vulnerabilities

CVE-2020-6298

HIGH
CVSS:8.3(High)

SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure valu...

CWE-8622020

CVE-2022-2732

HIGH
CVSS:8.3(High)

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

CWE-8622022

CVE-2023-34063

HIGH
CVSS:8.3(High)

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

CWE-8622023

CVE-2023-47771

HIGH
CVSS:8.3(High)

Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through 3.0.18.

CWE-8622023

CVE-2023-47783

HIGH
CVSS:8.3(High)

Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0.

CWE-8622023

CVE-2024-38744

HIGH
CVSS:8.3(High)

Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Po...

CWE-8622024