CVE-2025-20355

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

Severity	MEDIUM
CVSS	4.7
EPSS	0.02% EPSS low
CWE	CWE-601
KEV
Published	6 months ago
Modified	1 month ago

Public Affected Products

Product	Advisory	Evidence
Cisco Digital Network Architecture Center (DNA Center)	cisco-sa-catc-open-redirect-3W5Bk3Je	Cisco CSAF · structured affected