Posted Date: 2025/11/18

[Vulnerability Alert] Cisco Catalyst Center has a critical security vulnerability (CVE-2025-20341)

  • Subject: [Vulnerability Alert] Cisco Catalyst Center has a critical security vulnerability (CVE-2025-20341)
  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000011
    • Catalyst Center is Cisco's network management platform, which helps network administrators manage and monitor enterprise network environments more efficiently through automated configuration and deployment features. Cisco recently issued a security advisory for a critical vulnerability (CVE-2025-20341, CVSS: 8.8). The vulnerability stems from insufficient validation of user input and allows an attacker to send a specially crafted HTTP request to the affected system to perform unauthorized modifications.
    • Note: To exploit this vulnerability, an attacker must have valid credentials with at least the “Observer” role.
  • Affected Platforms:
    • Cisco Catalyst Center 2.3.7.3-VA and later, up to but not including 2.3.7.10-VA
  • Recommended Measures:
    • Update to Cisco Catalyst Center 2.3.7.10-VA or later.
  • References:

Computer and Communications Center
Network Systems Group
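
Added example (not part of the original notice or of Cisco's advisory): a small triage script that checks an inventory of Catalyst Center version strings against the affected range stated above, comparing release numbers as integers because a plain string comparison sorts 2.3.7.10-VA before 2.3.7.3-VA. The function names, hostnames and sample versions are constructed for illustration; strings that are not in the N.N.N.N-VA form listed in this notice are reported as "unknown" rather than guessed at.

```python
import re

# Range taken from this notice: 2.3.7.3-VA <= version < 2.3.7.10-VA
FIRST_AFFECTED = (2, 3, 7, 3)
FIRST_FIXED = (2, 3, 7, 10)

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){3})-VA$")


def parse_va_version(text):
    """Return the release as a tuple of ints, or None if not an N.N.N.N-VA string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def classify(text):
    """Classify one version string against the range given in the notice."""
    v = parse_va_version(text)
    if v is None:
        return "unknown"      # not in the -VA form the notice lists; check by hand
    if v < FIRST_AFFECTED:
        return "not-listed"   # older than the first release the notice names
    if v < FIRST_FIXED:
        return "affected"
    return "fixed"


def triage(inventory):
    """Map hostname -> classification for a dict of hostname -> version string."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "catc-lab-01": "2.3.7.3-VA",
    "catc-lab-02": "2.3.7.9-VA",
    "catc-lab-03": "2.3.7.10-VA",
    "catc-lab-04": "2.3.5.6-VA",
    "catc-lab-05": "2.3.7.9",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:14} {status}")
    # The pitfall the tuple comparison avoids: as strings, the fixed
    # release sorts before the first affected one.
    print("string compare misorders:", "2.3.7.10-VA" < "2.3.7.3-VA")
```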