{“lastseen”:””,”description”:”A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device.\\r\\n\\r This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute a reflected XSS attack and steal user cookies from the affected device.”,”published”:”2025-09-24T17:14:34.470Z”,”modified”:”2025-09-24T17:31:12.331Z”,”type”:”cve”,”title”:”CVE-2025-20240″,”source”:”cisco”,”references”:”https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-webui-xss-VWyDgjOU”,”id”:”CVE-2025-20240″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Cisco Cisco IOS XE Software 16.6.1\\nCisco Cisco IOS XE Software 16.6.2\\nCisco Cisco IOS XE Software 16.6.3\\nCisco Cisco IOS XE Software 16.6.4\\nCisco Cisco IOS XE Software 16.6.5\\nCisco Cisco IOS XE Software 16.6.4a\\nCisco Cisco IOS XE Software 16.6.5a\\nCisco Cisco IOS XE Software 16.6.6\\nCisco Cisco IOS XE Software 16.6.7\\nCisco Cisco IOS XE Software 16.6.8\\nCisco Cisco IOS XE Software 16.6.9\\nCisco Cisco IOS XE Software 16.6.10\\nCisco Cisco IOS XE Software 16.7.1\\nCisco Cisco IOS XE Software 16.7.1a\\nCisco Cisco IOS XE Software 16.7.1b\\nCisco Cisco IOS XE Software 16.7.2\\nCisco Cisco IOS XE Software 16.7.3\\nCisco Cisco IOS XE Software 16.7.4\\nCisco Cisco IOS XE Software 16.8.1\\nCisco Cisco IOS XE Software 16.8.1a\\nCisco Cisco IOS XE Software 16.8.1b\\nCisco Cisco IOS XE Software 16.8.1s\\nCisco Cisco IOS XE Software 16.8.1c\\nCisco Cisco IOS XE Software 16.8.1d\\nCisco Cisco IOS XE Software 16.8.2\\nCisco Cisco IOS XE Software 16.8.1e\\nCisco Cisco IOS XE Software 16.8.3\\nCisco Cisco IOS XE Software 16.9.1\\nCisco Cisco IOS XE Software 16.9.2\\nCisco Cisco IOS XE Software 16.9.1a\\nCisco Cisco IOS XE Software 16.9.1b\\nCisco Cisco IOS XE Software 16.9.1s\\nCisco Cisco IOS XE Software 16.9.3\\nCisco Cisco IOS XE Software 16.9.4\\nCisco Cisco IOS XE Software 16.9.3a\\nCisco Cisco IOS XE Software 16.9.5\\nCisco Cisco IOS XE Software 16.9.5f\\nCisco Cisco IOS XE Software 16.9.6\\nCisco Cisco IOS XE Software 16.9.7\\nCisco Cisco IOS XE Software 16.9.8\\nCisco Cisco IOS XE Software 16.10.1\\nCisco Cisco IOS XE Software 16.10.1a\\nCisco Cisco IOS XE Software 16.10.1b\\nCisco Cisco IOS XE Software 16.10.1s\\nCisco Cisco IOS XE Software 16.10.1c\\nCisco Cisco IOS XE Software 16.10.1e\\nCisco Cisco IOS XE Software 16.10.1d\\nCisco Cisco IOS XE Software 16.10.2\\nCisco Cisco IOS XE Software 16.10.1f\\nCisco Cisco IOS XE Software 16.10.1g\\nCisco Cisco IOS XE Software 16.10.3\\nCisco Cisco IOS XE Software 16.11.1\\nCisco Cisco IOS XE Software 16.11.1a\\nCisco Cisco IOS XE Software 16.11.1b\\nCisco Cisco IOS XE Software 16.11.2\\nCisco Cisco IOS XE Software 16.11.1s\\nCisco Cisco IOS XE Software 16.12.1\\nCisco Cisco IOS XE Software 16.12.1s\\nCisco Cisco IOS XE Software 16.12.1a\\nCisco Cisco IOS XE Software 16.12.1c\\nCisco Cisco IOS XE Software 16.12.1w\\nCisco Cisco IOS XE Software 16.12.2\\nCisco Cisco IOS XE Software 16.12.1y\\nCisco Cisco IOS XE Software 16.12.2a\\nCisco Cisco IOS XE Software 16.12.3\\nCisco Cisco IOS XE Software 16.12.8\\nCisco Cisco IOS XE Software 16.12.2s\\nCisco Cisco IOS XE Software 16.12.1x\\nCisco Cisco IOS XE Software 16.12.1t\\nCisco Cisco IOS XE Software 16.12.4\\nCisco Cisco IOS XE Software 16.12.3s\\nCisco Cisco IOS XE Software 16.12.3a\\nCisco Cisco IOS XE Software 16.12.4a\\nCisco Cisco IOS XE Software 16.12.5\\nCisco Cisco IOS XE Software 16.12.6\\nCisco Cisco IOS XE Software 16.12.1z1\\nCisco Cisco IOS XE Software 16.12.5a\\nCisco Cisco IOS XE Software 16.12.5b\\nCisco Cisco IOS XE Software 16.12.1z2\\nCisco Cisco IOS XE Software 16.12.6a\\nCisco Cisco IOS XE Software 16.12.7\\nCisco Cisco IOS XE Software 16.12.9\\nCisco Cisco IOS XE Software 16.12.10\\nCisco Cisco IOS XE Software 16.12.10a\\nCisco Cisco IOS XE Software 16.12.11\\nCisco Cisco IOS XE Software 16.12.12\\nCisco Cisco IOS XE Software 16.12.13\\nCisco Cisco IOS XE Software 17.1.1\\nCisco Cisco IOS XE Software 17.1.1a\\nCisco Cisco IOS XE Software 17.1.1s\\nCisco Cisco IOS XE Software 17.1.1t\\nCisco Cisco IOS XE Software 17.1.3\\nCisco Cisco IOS XE Software 17.2.1\\nCisco Cisco IOS XE Software 17.2.1r\\nCisco Cisco IOS XE Software 17.2.1a\\nCisco Cisco IOS XE Software 17.2.1v\\nCisco Cisco IOS XE Software 17.2.2\\nCisco Cisco IOS XE Software 17.2.3\\nCisco Cisco IOS XE Software 17.3.1\\nCisco Cisco IOS XE Software 17.3.2\\nCisco Cisco IOS XE Software 17.3.3\\nCisco Cisco IOS XE Software 17.3.1a\\nCisco Cisco IOS XE Software 17.3.1w\\nCisco Cisco IOS XE Software 17.3.2a\\nCisco Cisco IOS XE Software 17.3.1x\\nCisco Cisco IOS XE Software 17.3.1z\\nCisco Cisco IOS XE Software 17.3.4\\nCisco Cisco IOS XE Software 17.3.5\\nCisco Cisco IOS XE Software 17.3.4a\\nCisco Cisco IOS XE Software 17.3.6\\nCisco Cisco IOS XE Software 17.3.4b\\nCisco Cisco IOS XE Software 17.3.4c\\nCisco Cisco IOS XE Software 17.3.5a\\nCisco Cisco IOS XE Software 17.3.5b\\nCisco Cisco IOS XE Software 17.3.7\\nCisco Cisco IOS XE Software 17.3.8\\nCisco Cisco IOS XE Software 17.3.8a\\nCisco Cisco IOS XE Software 17.4.1\\nCisco Cisco IOS XE Software 17.4.2\\nCisco Cisco IOS XE Software 17.4.1a\\nCisco Cisco IOS XE Software 17.4.1b\\nCisco Cisco IOS XE Software 17.4.2a\\nCisco Cisco IOS XE Software 17.5.1\\nCisco Cisco IOS XE Software 17.5.1a\\nCisco Cisco IOS XE Software 17.6.1\\nCisco Cisco IOS XE Software 17.6.2\\nCisco Cisco IOS XE Software 17.6.1w\\nCisco Cisco IOS XE Software 17.6.1a\\nCisco Cisco IOS XE Software 17.6.1x\\nCisco Cisco IOS XE Software 17.6.3\\nCisco Cisco IOS XE Software 17.6.1y\\nCisco Cisco IOS XE Software 17.6.1z\\nCisco Cisco IOS XE Software 17.6.3a\\nCisco Cisco IOS XE Software 17.6.4\\nCisco Cisco IOS XE Software 17.6.1z1\\nCisco Cisco IOS XE Software 17.6.5\\nCisco Cisco IOS XE Software 17.6.6\\nCisco Cisco IOS XE Software 17.6.6a\\nCisco Cisco IOS XE Software 17.6.5a\\nCisco Cisco IOS XE Software 17.6.7\\nCisco Cisco IOS XE Software 17.6.8\\nCisco Cisco IOS XE Software 17.6.8a\\nCisco Cisco IOS XE Software 17.7.1\\nCisco Cisco IOS XE Software 17.7.1a\\nCisco Cisco IOS XE Software 17.7.1b\\nCisco Cisco IOS XE Software 17.7.2\\nCisco Cisco IOS XE Software 17.10.1\\nCisco Cisco IOS XE Software 17.10.1a\\nCisco Cisco IOS XE Software 17.10.1b\\nCisco Cisco IOS XE Software 17.8.1\\nCisco Cisco IOS XE Software 17.8.1a\\nCisco Cisco IOS XE Software 17.9.1\\nCisco Cisco IOS XE Software 17.9.1w\\nCisco Cisco IOS XE Software 17.9.2\\nCisco Cisco IOS XE Software 17.9.1a\\nCisco Cisco IOS XE Software 17.9.1x\\nCisco Cisco IOS XE Software 17.9.1y\\nCisco Cisco IOS XE Software 17.9.3\\nCisco Cisco IOS XE Software 17.9.2a\\nCisco Cisco IOS XE Software 17.9.1×1\\nCisco Cisco IOS XE Software 17.9.3a\\nCisco Cisco IOS XE Software 17.9.4\\nCisco Cisco IOS XE Software 17.9.1y1\\nCisco Cisco IOS XE Software 17.9.5\\nCisco Cisco IOS XE Software 17.9.4a\\nCisco Cisco IOS XE Software 17.9.5a\\nCisco Cisco IOS XE Software 17.9.5b\\nCisco Cisco IOS XE Software 17.9.6\\nCisco Cisco IOS XE Software 17.9.6a\\nCisco Cisco IOS XE Software 17.9.7\\nCisco Cisco IOS XE Software 17.9.5e\\nCisco Cisco IOS XE Software 17.9.5f\\nCisco Cisco IOS XE Software 17.9.7a\\nCisco Cisco IOS XE Software 17.9.7b\\nCisco Cisco IOS XE Software 17.11.1\\nCisco Cisco IOS XE Software 17.11.1a\\nCisco Cisco IOS XE Software 17.12.1\\nCisco Cisco IOS XE Software 17.12.1w\\nCisco Cisco IOS XE Software 17.12.1a\\nCisco Cisco IOS XE Software 17.12.1x\\nCisco Cisco IOS XE Software 17.12.2\\nCisco Cisco IOS XE Software 17.12.3\\nCisco Cisco IOS XE Software 17.12.2a\\nCisco Cisco IOS XE Software 17.12.1y\\nCisco Cisco IOS XE Software 17.12.1z\\nCisco Cisco IOS XE Software 17.12.4\\nCisco Cisco IOS XE Software 17.12.3a\\nCisco Cisco IOS XE Software 17.12.1z1\\nCisco Cisco IOS XE Software 17.12.1z2\\nCisco Cisco IOS XE Software 17.12.4a\\nCisco Cisco IOS XE Software 17.12.5\\nCisco Cisco IOS XE Software 17.12.4b\\nCisco Cisco IOS XE Software 17.12.1z3\\nCisco Cisco IOS XE Software 17.12.5a\\nCisco Cisco IOS XE Software 17.12.1z4\\nCisco Cisco IOS XE Software 17.12.5b\\nCisco Cisco IOS XE Software 17.12.5c\\nCisco Cisco IOS XE Software 17.13.1\\nCisco Cisco IOS XE Software 17.13.1a\\nCisco Cisco IOS XE Software 17.14.1\\nCisco Cisco IOS XE Software 17.14.1a\\nCisco Cisco IOS XE Software 17.15.1\\nCisco Cisco IOS XE Software 17.15.1w\\nCisco Cisco IOS XE Software 17.15.1a\\nCisco Cisco IOS XE Software 17.15.2\\nCisco Cisco IOS XE Software 17.15.1b\\nCisco Cisco IOS XE Software 17.15.1x\\nCisco Cisco IOS XE Software 17.15.1z\\nCisco Cisco IOS XE Software 17.15.3\\nCisco Cisco IOS XE Software 17.15.2c\\nCisco Cisco IOS XE Software 17.15.2a\\nCisco Cisco IOS XE Software 17.15.1y\\nCisco Cisco IOS XE Software 17.15.2b\\nCisco Cisco IOS XE Software 17.15.3a\\nCisco Cisco IOS XE Software 17.15.3b\\nCisco Cisco IOS XE Software 17.16.1\\nCisco Cisco IOS XE Software 17.16.1a”,”sourceHref”:””,”cvss”:{“score”:6.1,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Cisco IOS XE Software”,”version”:”16.6.1″,”vendor”:”Cisco”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS)…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,31,12,21,13,7,11,5],"class_list":["post-18945","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-61","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n