CVE Details
Basic Information
| Title |
CVE-2025-20258 |
| Type |
cve |
| Published |
2025-05-21T17:15:57 |
| Last Seen |
2025-05-21T17:24:50 |
CVSS Information
| Base Score |
5.4 (MEDIUM) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
NONE |
| User Interaction |
REQUIRED |
| Scope |
UNCHANGED |
| Confidentiality Impact |
LOW |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
A vulnerability in Cisco Duo’s self-service portal allows unauthenticated attackers to inject arbitrary commands into emails sent by the service due to insufficient input validation. |
| AI Severity |
Medium |
| Vendor |
Cisco |
| Product |
Cisco Duo |
| Affected Version |
Not specified |
Additional Information
| CVE List |
CVE-2025-20258 |
| CWE List |
CWE-77 |
| Bulletin Family |
cve |
Description
A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)
View Full CVE Details
