CVE Alert: CVE-2025-20317 - Cisco - Cisco Unified Computing System (Managed)

CVE-2025-20317

HIGHNo exploitation known

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager.

CVSS v3.1 (7.1)

AV NETWORK · AC LOW · PR NONE · UI REQUIRED · S UNCHANGED

Vendor

Cisco, Cisco, Cisco

Product

Cisco Unified Computing System (Managed), Cisco Unified Computing System (Standalone), Cisco Unified Computing System E-Series Software (UCSE)

Versions

4.0(1a) | 3.2(3n) | 4.1(1a) | 4.1(1b) | 4.0(4h) | 4.1(1c) | 3.2(3k) | 3.2(2c) | 4.0(4e) | 4.0(4g) | 3.2(3i) | 4.0(2e) | 3.2(3g) | 4.0(4a) | 4.0(2d) | 3.2(2d) | 4.0(1b) | 4.0(4f) | 3.2(3h) | 3.2(2f) | 4.0(4c) | 3.2(3a) | 4.0(1c) | 3.2(3d) | 3.2(2b) | 4.0(4b) | 3.2(2e) | 4.0(2b) | 4.0(4d) | 3.2(1d) | 3.2(3e) | 3.2(3l) | 3.2(3b) | 4.0(2a) | 3.2(3j) | 4.0(1d) | 3.2(3o) | 4.0(4i) | 4.1(1d) | 4.1(2a) | 4.1(1e) | 3.2(3p) | 4.1(2b) | 4.0(4k) | 4.1(3a) | 4.1(3b) | 4.1(2c) | 4.0(4l) | 4.1(4a) | 4.1(3c) | 4.1(3d) | 4.2(1c) | 4.2(1d) | 4.0(4m) | 4.1(3e) | 4.2(1f) | 4.1(3f) | 4.2(1i) | 4.1(3h) | 4.2(1k) | 4.2(1l) | 4.0(4n) | 4.2(1m) | 4.1(3i) | 4.2(2a) | 4.2(1n) | 4.1(3j) | 4.2(2c) | 4.2(2d) | 4.2(3b) | 4.1(3k) | 4.0(4o) | 4.2(2e) | 4.2(3d) | 4.2(3e) | 4.2(3g) | 4.1(3l) | 4.3(2b) | 4.2(3h) | 4.2(3i) | 4.3(2c) | 4.1(3m) | 4.3(2e) | 4.3(3a) | 4.2(3j) | 4.3(3c) | 4.3(4a) | 4.2(3k) | 4.3(4b) | 4.3(4c) | 4.2(3l) | 4.3(4d) | 4.3(2f) | 4.2(3m) | 4.3(5a) | 4.3(4e) | 4.1(3n) | 4.3(4f) | 4.2(3n) | 4.3(5c) | 4.2(3o) | 4.3(5d) | 4.3(5e) | 2.0(1a) | 4.0(2g) | 2.0(13f) | 3.0(4n) | 2.0(3e)1 | 3.0(3e) | 2.0(8h) | 2.0(10g) | 3.1(2i) | 3.0(3c) | 3.0(4m) | 3.1(1d) | 3.0(3a) | 3.0(1d) | 2.0(9o) | 2.0(13n) | 4.0(4i) | 4.1(1c) | 2.0(13q) | 2.0(3j)1 | 4.0(2c) | 2.0(9n) | 4.0(1e) | 2.0(13o) | 2.0(6f) | 2.0(10c) | 2.0(8d) | 2.0(9m) | 4.0(2h) | 3.0(4j) | 2.0(10i) | 3.0(3f) | 2.0(10l) | 2.0(12e) | 2.0(12i) | 2.0(10h) | 2.0(13e) | 3.0(4k) | 2.0(10b) | 2.0(6d) | 2.0(12b) | 4.0(4h) | 2.0(12h) | 2.0(10f) | 3.0(4l) | 4.0(1h) | 4.0(2l) | 2.0(3i) | 2.0(3f)3 | 3.0(4a) | 2.0(13p) | 2.0(9l) | 2.0(12g) | 2.0(12c) | 2.0(12f) | 2.0(13k) | 3.0(3b) | 2.0(1b) | 3.1(3g) | 2.0(4c) | 4.0(1.240) | 2.0(12d) | 4.0(2f) | 4.0(1g) | 3.0(4d) | 3.0(2b) | 2.0(3d)2 | 2.0(3d)1 | 2.0(9f) | 2.0(13h) | 3.0(4e) | 2.0(8g) | 4.0(2i) | 2.0(10e) | 2.0(13i) | 2.0(9c) | 2.0(4c)1 | 3.0(1c) | 2.0(8e) | 2.0(9e) | 2.0(9p) | 3.1(3i) | 3.0(4i) | 2.0(10k) | 3.0(4o) | 4.0(4d) | 4.1(1d) | 3.1(3c) | 4.0(4k) | 3.1(2d) | 3.1(3a) | 3.1(3j) | 4.0(2d) | 4.1(1f) | 3.0(4p) | 4.0(1c) | 4.0(4f) | 4.0(4c) | 3.1(3d) | 3.1(2g) | 3.1(2c) | 4.0(1d) | 3.1(2e) | 4.0(1a) | 4.0(1b) | 3.1(3b) | 4.0(4b) | 3.1(2b) | 4.0(4e) | 3.1(3h) | 3.0(4q) | 4.0(4l) | 4.1(1g) | 4.1(2a) | 3.0(4r) | 4.0(2n) | 4.1(1h) | 3.1(3k) | 4.1(2b) | 4.0(2o) | 4.0(4m) | 4.1(2d) | 4.1(3b) | 4.0(2p) | 4.1(2e) | 4.1(2f) | 3.0(4s) | 4.0(4n) | 4.0(2q) | 4.1(3c) | 4.0(2r) | 4.1(3d) | 4.1(2g) | 4.1(2h) | 4.1(3f) | 4.1(2j) | 4.1(2k) | 4.1(3h) | 4.2(2a) | 4.1(3i) | 4.2(2f) | 4.2(2g) | 4.2(3b) | 4.1(3l) | 4.2(3d) | 4.3(1.230097) | 4.2(1e) | 4.2(1b) | 4.2(1j) | 4.2(1i) | 4.2(1f) | 4.2(1a) | 4.2(1c) | 4.2(1g) | 4.3(1.230124) | 4.1(2l) | 4.2(3e) | 4.3(1.230138) | 4.2(3g) | 4.3(2.230207) | 4.2(3h) | 4.2(3i) | 4.3(2.230270) | 4.1(3m) | 4.1(2m) | 4.3(2.240002) | 4.3(3.240022) | 4.2(3j) | 4.1(3n) | 4.3(2.240009) | 4.3(3.240043) | 4.3(4.240142) | 4.3(2.240037) | 4.3(2.240053) | 4.3(4.240152) | 4.2(3l) | 4.3(2.240077) | 4.3(4.242028) | 4.3(4.241063) | 4.3(4.242038) | 4.2(3m) | 4.3(2.240090) | 4.3(5.240021) | 4.3(2.240107) | 4.3(4.242066) | 4.2(3n) | 4.3(2.250016) | 4.3(2.250021) | 4.3(2.250022) | 4.3(2.250037) | 4.3(2.250045) | 4.3(4.252002) | 3.2.7 | 3.2.6 | 3.2.4 | 3.2.10 | 3.2.2 | 3.2.3 | 2.4.0 | 3.2.1 | 3.2.11.1 | 3.2.8 | 3.1.1 | 3.0.2 | 2.1.0 | 2.2.2 | 3.1.2 | 3.0.1 | 2.3.2 | 2.3.5 | 2.2.1 | 3.1.4 | 2.4.1 | 2.3.1 | 3.1.3 | 2.3.3 | 2.4.2 | 3.1.5 | 3.1.0 | 2.0.0 | 3.2.11.3 | 3.2.11.5 | 3.2.12.2 | 3.2.13.6 | 3.2.14 | 4.11.1 | 3.2.15 | 4.12.1 | 3.2.15.3 | 4.12.2 | 3.2.16.1 | 2.02 | 4.00

CWE

CWE-601, URL Redirection to Untrusted Site (‘Open Redirect’)

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Published

2025-08-27T16:23:18.607Z

Updated

2025-08-27T18:52:07.395Z

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK

AI Summary Analysis

Risk verdict

High potential impact if exploited, but there is no public exploitation or PoC reported; the open redirect could lead to credential theft via user interaction.

Why this matters

The vulnerability enables an unauthenticated attacker to redirect users to a malicious site during a vKVM session, potentially harvesting credentials. In Cisco UCS environments, that credential exposure could grant access to management surfaces or subsequent footholds, increasing risk to sensitive infrastructure.

Most likely attack path

Attacker can exploit over the network with no privileges required; user interaction is needed.
User is lured to click a crafted link, triggering a redirect to an attacker-controlled site.
If credentials are entered during the redirected session, secrets may be exfiltrated; limited to the initial scope of the affected vKVM/IMC client.

Who is most exposed

Sites with vKVM access to Cisco UCS Manager or UCS E-Series/Standalone deployments, especially where remote management consoles are exposed to users or assistants via email or chat.

Detection ideas

Monitor for anomalous redirects from vKVM endpoints to untrusted domains following user clicks.
Correlate user login events with sudden redirects or 302 responses to external hosts.
Inspect vKVM session logs for unexpected external redirects or URL patterns.
Alert on credential submissions to non-corporate domains during management sessions.
Look for unusual DNS lookups or outbound traffic to new domains during active KVM sessions.

Mitigation and prioritisation

Apply vendor patch or upgrade to supported, fixed versions as soon as available.
Where patching is not feasible, disable or restrict vKVM redirects to trusted networks; implement stricter access controls and MFA for management interfaces.
Enforce endpoint- and network-level protections against open redirects (proxy/WAF rules, URL validation).
Schedule change windows and verify rollback procedures; document compensating controls.
EPSS not provided; KEV not indicated; therefore not treating as priority 1 unless new exploitation signals emerge.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: cisco, cisco-unified-computing-system-e-series-software-ucse, cisco-unified-computing-system-managed, cisco-unified-computing-system-standalone, CVE, cve-2025-20317, OSINT, threatintel

CVE Alert: CVE-2025-20317 – Cisco – Cisco Unified Computing System (Managed)