How severe is CVE-2025-20210?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2025-20210?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2025-20210 - HIGH Severity | CVSS 7.3

Vulnerability Description

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.

Related Vulnerabilities

CVE-2022-35865

HIGH

CVSS:7.3(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific ...

CWE-3062022

CVE-2022-43989

HIGH

CVSS:7.3(High)

Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as Rec...

CWE-3062022

CVE-2022-43990

HIGH

CVSS:7.3(High)

Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel b...

CWE-3062022

CVE-2024-10774

HIGH

CVSS:7.3(High)

Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.

CWE-3062024

CVE-2024-40408

HIGH

CVSS:7.3(High)

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user pro...

CWE-3062024

CVE-2024-41791

MEDIUM

CVSS:7.3(High)

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauth...

CWE-3062024