How severe is CVE-2025-20194?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-20194?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2025-20194 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to read limited files from the underlying operating system or clear the syslog and licensing logs on the affected device.

Related Vulnerabilities

CVE-2020-11084

MEDIUM

CVSS:5.4(Medium)

In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any...

CWE-782020

CVE-2021-32475

MEDIUM

CVSS:5.4(Medium)

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported ve...

CWE-782021

CVE-2024-10896

MEDIUM

CVSS:5.4(Medium)

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site...

CWE-782024

CVE-2016-6459

MEDIUM

CVSS:5.5(Medium)

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CS...

CWE-782016

CVE-2016-7844

MEDIUM

CVSS:5.5(Medium)

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.

CWE-782016

CVE-2019-14337

MEDIUM

CVSS:5.5(Medium)

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin...

CWE-782019