NewsSecurity Vulnerabilities

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability (CVE-2025-20317)

CVE number = CVE-2025-20317

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.

This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link.

A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.

Note: The affected vKVM client is also included in Cisco UCS Manager.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This vulnerability affects the following Cisco products if they are running a vulnerable software release, regardless of device configuration:

Cisco appliances that are based on a preconfigured version of one of the Cisco UCS C-Series Servers that are in the preceding list are also affected by this vulnerability if they expose access to the Cisco IMC UI. At the time of publication, this included the following Cisco products:

Secure Workload Servers

  • Application Policy Infrastructure Controller (APIC) Servers
  • Business Edition 6000 and 7000 Appliances
  • Catalyst Center Appliances, formerly DNA Center
  • Cisco Telemetry Broker Appliance
  • Cloud Services Platform (CSP) 5000 Series
  • Common Services Platform Collector (CSPC) Appliances
  • Connected Mobile Experiences (CMX) Appliances
  • Connected Safety and Security UCS Platform Series Servers
  • Cyber Vision Center Appliances
  • Expressway Series Appliances
  • HyperFlex Edge Nodes
  • HyperFlex Nodes
  • IEC6400 Edge Compute Appliances
  • IOS XRv 9000 Appliances
  • Meeting Server 1000 Appliances
  • Nexus Dashboard Appliances
  • Prime Infrastructure Appliances
  • Prime Network Registrar Jumpstart Appliances
  • Secure Endpoint Private Cloud Appliances
  • Secure Firewall Management Center Appliances
  • Secure Malware Analytics Appliances
  • Secure Network Analytics Appliances
  • Secure Network Server Appliances

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.