[CIVN-2025-0199] Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability

Published On: August 29, 2025

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Component Affected
Catalyst 8300 Series Edge uCPE
UCS Manager Software
UCS B-Series Blade Servers
UCS C-Series M6, M7, and M8 Rack Servers
UCS E-Series Servers M6
UCS X-Series Modular System
Overview
A vulnerability has been reported in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) that could allow an unauthenticated, remote attacker to redirect a user to a malicious website.
Target Audience: 
All IT administrators and network professionals responsible for maintaining and updating the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC).
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link.
Successful exploitation of this vulnerability could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.
Note:  The affected vKVM client is also included in Cisco UCS Manager.
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK
CVE Name
CVE-2025-20317
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003