Cisco has published an advisory for a newly disclosed high-severity vulnerability (CVE-2025-20341) in the Cisco Catalyst Center Virtual Appliance. The flaw lets an authenticated remote user escalate privileges to Administrator, which amounts to full control of the appliance.
The root cause is insufficient validation of user-supplied input. An attacker who holds only the Observer role, the lowest level of access, can send crafted HTTP requests to the appliance and bypass the checks that would normally confine that role.
A successful attacker could create new user accounts, modify system settings, or otherwise take over the appliance.
Which Deployments Are Affected?
Cisco confirms that the issue affects only the Virtual Appliance running on VMware ESXi.
The following are not impacted:
- Catalyst Center hardware appliances
- Virtual Appliances deployed on AWS
In terms of software versions:
- Not affected: releases earlier than 2.3.7.3-VA, and the 3.1 release train
- Affected: 2.3.7.3-VA and later 2.3.7.x releases, up to but not including the fixed release
- Fixed release: 2.3.7.10-VA or later
There are no temporary workarounds. An upgrade is the only way to eliminate the risk.
According to Cisco’s PSIRT team:
- No active exploitation has been detected
- No public reports or attacks have been observed
- The vulnerability was found internally during a TAC support case
Although no exploitation has been reported, the low privilege required (a read-only Observer account) and the outcome (full Administrator control of the platform that manages the network) make this a high-priority fix.
Action Required
Cisco advises all customers using the affected Virtual Appliance to:
- Review the official Cisco security advisory
- Check the running software version
- Immediately apply the fixed release (2.3.7.10-VA or higher)
Upgrading closes this privilege escalation path; because no workaround exists, the patched release is the only mitigation available.
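The advisory scoping above (ESXi Virtual Appliance only, 2.3.7.3-VA up to the 2.3.7.10-VA fix, the 3.1 train and pre-2.3.7.3 releases unaffected) is easy to get wrong when triaging an inventory by hand, because a newer-looking version such as 3.1 is out of scope while 2.3.7.9-VA is in. The following script is an added example, not Cisco tooling: it encodes that scoping as a version-range check and classifies each deployment. The platform labels (`esxi`, `aws`, `hardware`), the hostnames and the version strings in `SAMPLE_INVENTORY` are constructed for illustration; any release train the advisory summary does not mention is reported as `unknown` rather than guessed at.

```python
"""Triage helper for CVE-2025-20341 (Cisco Catalyst Center Virtual Appliance).

Added example, not Cisco code. It encodes the scoping in the advisory summary:
only the Virtual Appliance on VMware ESXi is in scope; 2.3.7.3-VA and later
2.3.7.x releases are affected; 2.3.7.10-VA is the fixed release; releases
earlier than 2.3.7.3 and the 3.1 train are not affected. Platform labels,
hostnames and the versions in SAMPLE_INVENTORY are constructed for the example.
"""
import re
from typing import Dict, Iterable, Tuple

FIRST_AFFECTED = (2, 3, 7, 3)   # first affected VA release
FIXED = (2, 3, 7, 10)           # first fixed VA release

# Catalyst Center versions look like 2.3.7.6 with an optional -VA suffix on
# Virtual Appliance builds.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(-VA)?$")


def parse_version(text: str) -> Tuple[Tuple[int, ...], bool]:
    """Return (numeric tuple, is_va_build) for a string such as '2.3.7.6-VA'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Catalyst Center version: {text!r}")
    nums = tuple(int(part) for part in m.group(1).split("."))
    return nums, m.group(2) is not None


def triage(version: str, platform: str) -> str:
    """Classify one deployment as 'affected', 'not affected' or 'unknown'.

    platform is 'esxi', 'aws' or 'hardware' (labels chosen for this example).
    """
    nums, is_va = parse_version(version)
    if platform != "esxi":
        # Hardware appliances and Virtual Appliances on AWS are out of scope.
        return "not affected"
    if not is_va:
        # An ESXi deployment should report a -VA build; anything else needs a
        # manual look rather than a guess.
        return "unknown"
    if nums < FIRST_AFFECTED:
        return "not affected"
    if FIRST_AFFECTED <= nums < FIXED:
        return "affected"
    if nums[:3] == (2, 3, 7):
        # 2.3.7.10-VA and later carry the fix.
        return "not affected"
    if nums[:2] == (3, 1):
        # The 3.1 train is listed as not affected even though it sorts higher.
        return "not affected"
    # A release train the advisory summary does not mention: consult Cisco.
    return "unknown"


# Constructed inventory records (hostname, platform, running version).
SAMPLE_INVENTORY = [
    ("catc-dc1", "esxi", "2.3.7.6-VA"),
    ("catc-dc2", "esxi", "2.3.7.10-VA"),
    ("catc-lab", "esxi", "2.3.7.2-VA"),
    ("catc-cloud", "aws", "2.3.7.6-VA"),
    ("catc-hw", "hardware", "2.3.7.6"),
    ("catc-new", "esxi", "3.1.0.0-VA"),
]


def triage_inventory(rows: Iterable[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each hostname to its verdict."""
    return {name: triage(version, platform) for name, platform, version in rows}


if __name__ == "__main__":
    for name, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:12} {verdict}")
```

Run against a real inventory export, the only hosts that need the 2.3.7.10-VA upgrade are those reported as `affected`; `unknown` entries are the ones to check against the advisory itself before closing them out.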