Analysis Summary

CVE-2025-20123 CVSS:4.8

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system.

CVE-2025-20126 CVSS:4.8

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information.

CVE-2025-20166 CVSS:5.4

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

CVE-2025-20167 CVSS:5.4

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

CVE-2025-20168 CVSS:5.4

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

Impact

• Gain Access
• Cross-Site Scripting

Indicators of Compromise

CVE

• CVE-2025-20123

• CVE-2025-20126

• CVE-2025-20166

• CVE-2025-20167

• CVE-2025-20168

Affected Vendors

Remediation

Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-20123

CVE-2025-20126

CVE-2025-20166

CVE-2025-20167

CVE-2025-20168