- Description: A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users.
- Source: psirt@cisco.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 5.4
- Impact score: 2.5
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- Severity: MEDIUM
- psirt@cisco.com: CWE-77
- Hype score: Not currently trending
My first CVE-2025-20258 in Cisco Duo Authentication https://t.co/xnviET8A1x #BugBounty #EthicalHacking #hackerone @Hacker0x01 https://t.co/WU6QlkXjA4
@code_13x
28 May 2025
CVE-2025-20258 Unauthenticated Command Injection Vulnerability in Cisco Duo Self-Servic... https://t.co/taWa7tKd0a Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
22 May 2025
CVE-2025-20258 A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the … https://t.co/3Zvo7YeHIZ
@CVEnew
21 May 2025