What is CVE-2025-20123?

Multiple vulnerabilities in the Cisco Crosswork Network Controller's web-based management interface allow authenticated attackers to execute cross-site scripting (XSS) attacks. Organizations should prioritize patching to mitigate risks associated with these vulnerabilities.

What is the severity of CVE-2025-20123?

CVE-2025-20123 has a severity rating of MEDIUM with a CVSS base score of 4.8.

CVE-2025-20123 | Medium Vulnerability in Cisco Crosswork Network Controller

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Vulnerability Details

The vulnerabilities have been classified under CWE-79, indicating a cross-site scripting issue. The CVSS score of 4.8 reflects a medium severity level. This score is significant as it indicates potential impacts on confidentiality and integrity, albeit with no impact on availability. Cisco Crosswork Network Controller versions 5.0.0 to 5.0.3, 6.0.0 to 6.0.2, and 7.0.0 to 7.0.0 are affected by these vulnerabilities. The publication date of the advisory was January 8, 2025.

Technical Analysis

The root cause of this vulnerability lies in improper input validation within the web-based management interface. The attack vector is through the network, allowing remote attackers to send crafted inputs to the interface. The attack complexity is classified as low, indicating ease of exploitation. The attacker requires high privileges, specifically administrative credentials, to exploit this vulnerability. User interaction is required for successful exploitation, as the attacker must entice a user to access the malicious input. The confidentiality impact is low, and the integrity impact is also low, with no availability impact.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive information and execution of arbitrary scripts in the context of the affected interface, which could lead to further exploitation or data breaches. The vulnerabilities present a medium risk level due to the requirement of valid administrative credentials, but organizations should prioritize patching immediately to mitigate these threats. The blast radius is moderate, affecting all instances of the specified versions of the Cisco Crosswork Network Controller.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of Cisco Crosswork Network Controller are 5.0.0 to 5.0.3, 6.0.0 to 6.0.2, and 7.0.0 to 7.0.0. Organizations using these versions should take immediate action to remediate the vulnerabilities by applying the latest patches provided by Cisco.

Mitigation & Remediation

Organizations should prioritize patching immediately. Cisco has released updates that address these vulnerabilities. It is critical to upgrade to the latest version of the Crosswork Network Controller to ensure all security flaws are addressed. Regular security assessments and configuration reviews can help mitigate similar vulnerabilities in the future. For more information on conducting thorough security testing, consider engaging in penetration testing and implementing best practices for secure coding.

Detection Guidance

Monitor logs for any unusual activity related to the web-based management interface. Key indicators include unexpected access attempts, unusual input patterns, and any attempts to execute scripts not originating from trusted sources. Implement network controls to restrict access to the management interface, ensuring only authorized personnel can reach it.

AppSecure Threat Intelligence Insight

This vulnerability highlights ongoing challenges in web application security, particularly concerning input validation mechanisms. Security teams should learn from this and enhance their defenses against XSS attacks. It is essential to adopt a proactive approach to web security, which includes regular audits and employing defensive coding practices. Organizations should also keep abreast of emerging threats and adjust their security posture accordingly. Exploring resources on penetration testing methodology can aid in understanding how to tighten security measures. Additionally, reviewing best practices in security testing is crucial for maintaining a robust security framework.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-20123: Medium Vulnerability in Cisco Crosswork Network Controller