How severe is CVE-2025-20168?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-20168?

This is classified as CWE-86, which is a common weakness in software security.

CVE-2025-20168 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2025-20166

MEDIUM

CVSS:5.4(Medium)

CWE-862025

CVE-2025-20167

MEDIUM

CVSS:5.4(Medium)

CWE-862025

CVE-2023-22840

MEDIUM

CVSS:5.5(Medium)

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.

CWE-862023

CVE-2024-10941

MEDIUM

CVSS:4.3(Medium)

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

CWE-862024

CVE-2021-33158

HIGH

CVSS:7.2(High)

Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via lo...

CWE-862021

CVE-2023-31126

CRITICAL

CVSS:9.6(Critical)

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code an...

CWE-862023