Severity
High
Analysis Summary
Cisco has disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated Management Controller (IMC), tracked as CVE-2025-20317 and rated High severity. The flaw allows an unauthenticated remote attacker to redirect users or administrators of affected devices to malicious websites, enabling phishing or credential harvesting. The vulnerability arises from insufficient validation in vKVM’s connection handling: a specially crafted link can trick the vKVM client into redirecting users to arbitrary URLs. Because IMC interfaces are used for sensitive system management, compromised credentials could lead to broader compromise of Cisco UCS infrastructure.
The issue is significant because the vulnerable vKVM client is present in both Cisco IMC and UCS Manager, extending the risk to a wide range of products. Impacted platforms include UCS B-Series and X-Series servers, UCS C-Series M6–M8 and E-Series M6 servers, and Catalyst 8300 uCPE, along with numerous Cisco appliances built on C-Series servers such as APIC, DNA Center, HyperFlex, Nexus Dashboard, Secure Firewall Management Center, and more. Cisco has enumerated dozens of affected product families, stressing that only devices running updated IMC firmware or UCS Manager software versions are safe.
Cisco has confirmed that no workarounds are available, making patching the only defense. Fixed versions include UCS Manager updates in 4.2(3p) and 4.3(6a), IMC fixes in 4.2(3o) and 4.15.2, NFVIS 4.18.1 or later for Catalyst 8300, and firmware 5.3(0.250001) and above for B-Series and X-Series servers. Appliance-specific remediation steps, such as ISO-based firmware updates or use of Cisco’s Host Upgrade Utility, are also outlined. Customers with valid service contracts can obtain updates through Cisco’s Support and Downloads portal, while those without active contracts may request fixes directly from Cisco TAC at no additional cost.
Although Cisco has not observed exploitation in the wild, the simplicity of the attack and the sensitivity of management interfaces make rapid remediation critical. Organizations should immediately inventory their UCS and IMC environments, check versions against Cisco’s fixed-release matrix, and upgrade vulnerable systems. Additionally, administrators should reinforce best practices by avoiding untrusted links to reduce the risk of exploitation. With no temporary mitigations available, timely patch deployment remains the only safeguard against attackers exploiting this redirect vulnerability to harvest credentials and compromise critical UCS workloads.
Impact
- Sensitive Credential Theft
- Unauthorized Access
Indicators of Compromise
CVE
CVE-2025-20317
Remediation
- Apply patched versions as soon as possible.
- Immediately inventory all Cisco IMC and UCS Manager devices in the environment.
- Check current firmware/software versions against Cisco’s advisory and fixed-release tables.
- Use Cisco’s Host Upgrade Utility or ISO-based firmware updates for specific appliances (e.g., Telemetry Broker).
- Download fixes via the Cisco Support and Downloads portal (valid contracts).
- For customers without service contracts, request fixes from Cisco TAC using Advisory ID cisco-sa-ucs-vkvmorv-CnKrV7HK.
- Enforce safe administrative practices: ensure administrators do not click untrusted or unexpected vKVM links.
- Schedule upgrades promptly to close exposure, as no workarounds are available.
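The first remediation step is an inventory check against the fixed releases quoted in this advisory. The following is an added example, not Cisco tooling or the advisory's own code: it parses Cisco's version formats (4.2(3p), 4.15.2, 5.3(0.250001)), compares each inventory entry with the fixed release for its release train, and reports trains the advisory does not list as unknown rather than safe. The product keys, hostnames and version strings in the sample inventory are constructed assumptions.

```python
import re

# Fixed releases as quoted in the advisory text above, grouped by product.
# Only the listed trains are known; anything else is reported as "unknown".
FIXED_RELEASES = {
    "ucs-manager": ["4.2(3p)", "4.3(6a)"],
    "imc": ["4.2(3o)", "4.15.2"],
    "nfvis": ["4.18.1"],                 # Catalyst 8300 uCPE
    "ucs-bx-firmware": ["5.3(0.250001)"],  # B-Series / X-Series servers
}

# Matches "4.2(3p)", "5.3(0.250001)" and dotted forms such as "4.15.2".
_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\(([0-9.]+)([a-z]?)\)|\.(\d+))$")


def parse_version(v):
    """Return ((major, minor), (build_tuple, letter_rank)) for a Cisco version.
    The first element identifies the release train; the second orders
    releases inside that train (3o < 3p because the letter is ranked)."""
    m = _VER_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Cisco version string: {v!r}")
    major, minor, paren_num, paren_letter, dotted = m.groups()
    if paren_num is not None:
        build = tuple(int(x) for x in paren_num.split("."))
        letter = ord(paren_letter) - ord("a") + 1 if paren_letter else 0
    else:
        build, letter = (int(dotted),), 0
    return (int(major), int(minor)), (build, letter)


def assess(product, version):
    """Classify one inventory entry as 'fixed', 'vulnerable' or 'unknown'.
    Assumption: within a train, any release at or above the fixed one is fixed."""
    train, rel = parse_version(version)
    for fixed in FIXED_RELEASES[product]:
        f_train, f_rel = parse_version(fixed)
        if f_train == train:
            return "fixed" if rel >= f_rel else "vulnerable"
    return "unknown"  # train not in the advisory's list: consult Cisco's full table


# Constructed sample inventory: (hostname, product key, running version).
SAMPLE_INVENTORY = [
    ("ucsm-fi-a", "ucs-manager", "4.2(3n)"),
    ("ucsm-fi-b", "ucs-manager", "4.3(6a)"),
    ("cimc-rack-07", "imc", "4.15.1"),
    ("cat8300-edge", "nfvis", "4.18.2"),
    ("ucsx-chassis-1", "ucs-bx-firmware", "5.3(0.240010)"),
    ("ucsm-legacy", "ucs-manager", "4.1(3k)"),
]


def assess_inventory(inventory):
    return [(host, assess(product, ver)) for host, product, ver in inventory]


if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY):
        print(f"{host:16} {status}")
```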