[CIVN-2025-0317] HTTP Open Redirect Vulnerability in CISCO

Published On: November 16, 2025

HTTP Open Redirect Vulnerability in CISCO 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Cisco Catalyst Center Virtual Appliance on VMware ESXi
Overview
A vulnerability has been reported in the web-based management interface of Cisco Catalyst Center Virtual Appliance that could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
Target Audience: 
All IT administrators and individuals responsible for maintaining and updating Cisco Catalyst Center Virtual Appliance on VMware ESXi.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user.
Successful exploitation of this vulnerability could allow the attacker to redirect the user to a malicious web page.
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je
CVE Name
CVE-2025-20355
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003