CVE-2025-20198HIGH 8.2EPSS p3.7%

CVE-2025-20198CVE-2025-20198

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system of an affected device. The security impact rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions. Note: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS0.14% probability of exploitation · percentile 3.7% · 2026-06-19T12:03:05Z
Published2025-05-07
Last modified2025-07-08

Underlying weaknesses· 1

CWE-754

References

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp

1

TypeTargetConfidenceTier
WeaknessImproper Check for Unusual or Exceptional Conditionscwe-7540%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-20197
CVE
CVE-2025-20199
CVE
CVE-2025-20200
CVE
CVE-2025-20138
CVE
CVE-2026-20040
CVE
CVE-2025-20334
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.